From 96f1bd13a0a6012928bb3b95c0e62e27cf80a5c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Thu, 1 Jul 2021 12:38:45 +0100
Subject: [PATCH] Add news item for sVirt CVE fix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 NEWS.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/NEWS.rst b/NEWS.rst
index 935b0d0aad..2fbbd2cd3c 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -11,6 +11,14 @@ For a more fine-grained view, use the `git log`_.
 v7.5.0 (unreleased)
 ===================
 
+* **Security**
+
+  * svirt: fix MCS label generation (CVE-2021-3631)
+
+    A flaw in the way MCS labels were generated could result in a VM's
+    resource not being fully protected from access by another VM were
+    it to be compromised. https://gitlab.com/libvirt/libvirt/-/issues/153
+
 * **Removed features**
 
   * xen: Remove support for Xen < 4.9