[libvirt] [PATCH] qemu: Let empty default VNC password work as documented
Daniel P. Berrange
berrange at redhat.com
Thu Jun 30 08:15:25 UTC 2016
On Thu, Jun 30, 2016 at 09:28:24AM +0200, Jiri Denemark wrote:
> CVE-2016-5008
>
> Setting an empty graphics password is documented as a way to disable
> VNC/SPICE access, but QEMU does not always behaves like that. VNC would
> happily accept the empty password. Let's enforce the behavior by setting
> password expiration to "now".
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1180092
>
> Signed-off-by: Jiri Denemark <jdenemar at redhat.com>
> ---
> src/qemu/qemu_hotplug.c | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
ACK, please push for 2.0.0
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list