From 4e10b167ee5b0f9f6e2b4d9f53af4bc9bf864a81 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=A8=E5=A3=AE=E5=A3=AE?= <1162011203@qq.com>
Date: Mon, 8 Feb 2021 11:47:50 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E8=AF=B4=E6=98=8E=E4=BF=AE?=
 =?UTF-8?q?=E5=A4=8D=E7=9A=84=E9=97=AE=E9=A2=98=EF=BC=8C=E5=B9=B6=E9=99=84?=
 =?UTF-8?q?=E4=B8=8Acve=E9=93=BE=E6=8E=A5=E4=BB=A5=E5=8F=8A=E6=98=AF?=
 =?UTF-8?q?=E7=A4=BE=E5=8C=BA=E4=BF=AE=E5=A4=8D=E8=A1=A5=E4=B8=81=E9=93=BE?=
 =?UTF-8?q?=E6=8E=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 libqb.spec | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libqb.spec b/libqb.spec
index 527c21b..45b392f 100644
--- a/libqb.spec
+++ b/libqb.spec
@@ -76,7 +76,12 @@ help documents for libqb package
 
 %changelog
 * Fri Feb 5 2021 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 1.0.3-7
-- Fix CVE-2019-12779
+- Fix CVE-2019-12779 libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack。
+  CVE Link：https://nvd.nist.gov/vuln/detail/CVE-2019-12779
+  Community Patch Link：
+  https://github.com/ClusterLabs/libqb/commit/e322e98dc264bc5911d6fe1d371e55ac9f95a71e
+  https://github.com/ClusterLabs/libqb/commit/7cd7b06d52ac80c343f362c7e39ef75495439dfc
+  https://github.com/ClusterLabs/libqb/commit/6a4067c1d1764d93d255eccecfd8bf9f43cb0b4d
 
 * Tue Apr 27 2020 wangerfeng <wangerfeng5@huawei.com> - 1.0.3-6
 - Package init
-- 
Gitee