[libvirt] [PATCH] qemu: Let empty default VNC password work as documented
Jiri Denemark
jdenemar at redhat.com
Thu Jun 30 08:30:55 UTC 2016
On Thu, Jun 30, 2016 at 09:15:25 +0100, Daniel P. Berrange wrote:
> On Thu, Jun 30, 2016 at 09:28:24AM +0200, Jiri Denemark wrote:
> > CVE-2016-5008
> >
> > Setting an empty graphics password is documented as a way to disable
> > VNC/SPICE access, but QEMU does not always behaves like that. VNC would
> > happily accept the empty password. Let's enforce the behavior by setting
> > password expiration to "now".
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=1180092
> >
> > Signed-off-by: Jiri Denemark <jdenemar at redhat.com>
> > ---
> > src/qemu/qemu_hotplug.c | 14 +++++++-------
> > 1 file changed, 7 insertions(+), 7 deletions(-)
>
> ACK, please push for 2.0.0
Thanks and pushed.
Jirka
More information about the libvir-list
mailing list