From 171ffdde8be590f784086a021a7e6f36c4ecdb4b Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@redhat.com>
Date: Fri, 12 Mar 2021 17:00:58 -0600
Subject: [PATCH] security: Document assignment of CVE-2021-20286

Now that we finally have a CVE number, it's time to document
the problem (it's low severity, but still a denial of service).

Fixes: fb4440de9cc7 (opt_go: Tolerate unplanned server death)
(cherry picked from commit 40308a005eaa6b2e8f98da8952d0c0cacc51efde)
---
 docs/libnbd-security.pod | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod
index d8ead87..0cae846 100644
--- a/docs/libnbd-security.pod
+++ b/docs/libnbd-security.pod
@@ -22,6 +22,12 @@ L<https://www.redhat.com/archives/libguestfs/2019-September/msg00128.html>
 See the full announcement here:
 L<https://www.redhat.com/archives/libguestfs/2019-October/msg00060.html>
 
+=head2 CVE-2021-20286
+denial of service when using L<nbd_set_opt_mode(3)>
+
+See the full announcement here:
+L<https://listman.redhat.com/archives/libguestfs/2021-March/msg00092.html>
+
 =head1 SEE ALSO
 
 L<libnbd(3)>.
@@ -34,4 +40,4 @@ Richard W.M. Jones
 
 =head1 COPYRIGHT
 
-Copyright (C) 2019 Red Hat Inc.
+Copyright (C) 2019-2021 Red Hat Inc.
-- 
2.31.1