Let's not expose user & admin passwords neither by having an option to be used to set those passwords nor in the debug messages. 'CVE-2019-10183' has been assigned to the virt-install --unattended admin-password=xxx disclosure issue. Fabiano Fidêncio (2): unattended: Read the passwords from a file unattended: Don't log user & admin passwords man/virt-install.pod | 14 +++++++--- tests/cli-test-xml/admin-password.txt | 1 + tests/cli-test-xml/user-password.txt | 3 +++ tests/clitest.py | 18 +++++++------ virtinst/cli.py | 4 +-- virtinst/install/unattended.py | 38 ++++++++++++++++++--------- 6 files changed, 52 insertions(+), 26 deletions(-) create mode 100644 tests/cli-test-xml/admin-password.txt create mode 100644 tests/cli-test-xml/user-password.txt -- 2.21.0 _______________________________________________ virt-tools-list mailing list virt-tools-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/virt-tools-list
