30 Jun
2016
30 Jun
'16
4:30 a.m.
On Thu, Jun 30, 2016 at 09:15:25 +0100, Daniel P. Berrange wrote:
On Thu, Jun 30, 2016 at 09:28:24AM +0200, Jiri Denemark wrote:
CVE-2016-5008
Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behaves like that. VNC would happily accept the empty password. Let's enforce the behavior by setting password expiration to "now".
https://bugzilla.redhat.com/show_bug.cgi?id=1180092
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> --- src/qemu/qemu_hotplug.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-)
ACK, please push for 2.0.0
Thanks and pushed. Jirka