On Thu, Jun 30, 2016 at 09:15:25 +0100, Daniel P. Berrange wrote: > On Thu, Jun 30, 2016 at 09:28:24AM +0200, Jiri Denemark wrote: > > CVE-2016-5008 > > > > Setting an empty graphics password is documented as a way to disable > > VNC/SPICE access, but QEMU does not always behaves like that. VNC would > > happily accept the empty password. Let's enforce the behavior by setting > > password expiration to "now". > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1180092 > > > > Signed-off-by: Jiri Denemark <jdenemar@xxxxxxxxxx> > > --- > > src/qemu/qemu_hotplug.c | 14 +++++++------- > > 1 file changed, 7 insertions(+), 7 deletions(-) > > ACK, please push for 2.0.0 Thanks and pushed. Jirka -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list