Re: [libvirt] [PATCH] qemu: Let empty default VNC password work as documented

On Thu, Jun 30, 2016 at 09:28:24AM +0200, Jiri Denemark wrote: > CVE-2016-5008 > > Setting an empty graphics password is documented as a way to disable > VNC/SPICE access, but QEMU does not always behaves like that. VNC would > happily accept the empty password. Let's enforce the behavior by setting > password expiration to "now". > > https://bugzilla.redhat.com/show_bug.cgi?id=1180092 > > Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com&gt; > --- > src/qemu/qemu_hotplug.c | 14 +++++++------- > 1 file changed, 7 insertions(+), 7 deletions(-) ACK, please push for 2.0.0