From d43e3d63de1622e98313bb797922dfd7d95ddd11 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Thu, 14 Jun 2012 12:22:26 +0100 Subject: virt-edit: Document CVE-2012-2690. --- edit/virt-edit.pod | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/edit/virt-edit.pod b/edit/virt-edit.pod index bec45421..765b8b27 100644 --- a/edit/virt-edit.pod +++ b/edit/virt-edit.pod @@ -326,6 +326,20 @@ C, C or C instead: guestfish --rw -i -d domname upload localfile /newfile +=head1 CVE-2012-2690 + +Old versions of both virt-edit and the guestfish C command +created a new file containing the changes but did not set the +permissions, etc of the new file to match the old one. The result of +this was that if you edited a security sensitive file such as +C then it would be left world-readable after the edit. + +This issue was assigned CVE-2012-2690, and is fixed in +libguestfs E 1.16. + +For further information, see +https://bugzilla.redhat.com/show_bug.cgi?id=788642 + =head1 ENVIRONMENT VARIABLES =over 4 -- cgit
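Review bot: the new CVE-2012-2690 section, in its second paragraph, gives the fixed version but does not tell readers what to do about files they already edited with an affected version. Since the first paragraph says such a file "would be left world-readable after the edit", consider adding a sentence advising users to check the mode and ownership of security sensitive files edited with old versions and to restore them where needed. In the first paragraph, "permissions, etc" is also vague for a security note; naming the attributes that were not carried over to the new file would let readers judge what to check.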