Re: [PATCH] qemu: Let empty default VNC password work as documented

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jun 30, 2016 at 09:28:24AM +0200, Jiri Denemark wrote:
> CVE-2016-5008
> 
> Setting an empty graphics password is documented as a way to disable
> VNC/SPICE access, but QEMU does not always behaves like that. VNC would
> happily accept the empty password. Let's enforce the behavior by setting
> password expiration to "now".
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1180092
> 
> Signed-off-by: Jiri Denemark <jdenemar@xxxxxxxxxx>
> ---
>  src/qemu/qemu_hotplug.c | 14 +++++++-------
>  1 file changed, 7 insertions(+), 7 deletions(-)

ACK, please push for 2.0.0


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]