On Thu, Jun 30, 2016 at 09:28:24AM +0200, Jiri Denemark wrote: > CVE-2016-5008 > > Setting an empty graphics password is documented as a way to disable > VNC/SPICE access, but QEMU does not always behaves like that. VNC would > happily accept the empty password. Let's enforce the behavior by setting > password expiration to "now". > > https://bugzilla.redhat.com/show_bug.cgi?id=1180092 > > Signed-off-by: Jiri Denemark <jdenemar@xxxxxxxxxx> > --- > src/qemu/qemu_hotplug.c | 14 +++++++------- > 1 file changed, 7 insertions(+), 7 deletions(-) ACK, please push for 2.0.0 Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list