Those two patches introduce a fix for a low impact CVE where both user & admin password would be passed to the osinfo-install-script via command line. In order to avoid doing so, let's introduce a --config-file and error out whenever a password is passed via --config. Fabiano Fidêncio (2): tools,install-script: Add --config-file (-f) option tools,install-script: Do not accept user & admin password via --config tools/osinfo-install-script.c | 111 +++++++++++++++++++++++++++++++++- 1 file changed, 108 insertions(+), 3 deletions(-) -- 2.21.0 _______________________________________________ Libosinfo mailing list Libosinfo@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libosinfo
