Please excuse me for late reply - I missed your email initially somehow.
28.01.2011 00:59, Moritz Mühlenhoff wrote:
[]
Thanks for the verbose explanation. I've updated the Debian
Security Tracker.
While we're at it; could you please also look into
On Fri, Feb 04, 2011 at 01:35:11PM +0300, Michael Tokarev wrote:
Please excuse me for late reply - I missed your email initially somehow.
28.01.2011 00:59, Moritz Mühlenhoff wrote:
[]
Thanks for the verbose explanation. I've updated the Debian
Security Tracker.
While we're at it;
user release.debian@packages.debian.org
usertag 611134 squeeze-can-defer
tag 611134 squeeze-ignore
kthxbye
On Tue, Jan 25, 2011 at 22:25:27 +0100, Moritz Muehlenhoff wrote:
Package: kvm
Severity: grave
Tags: security
Please see the following entry in the Red Hat bugzilla:
disables all authentication
There were no usertags set.
Usertags are now: squeeze-can-defer.
tag 611134 squeeze-ignore
Bug #611134 [kvm] CVE-2011-0011 qemu-kvm: Setting VNC password to empty string
silently disables all authentication
Added tag(s) squeeze-ignore.
kthxbye
Stopping processing here
On Wed, Jan 26, 2011 at 08:56:06AM +0300, Michael Tokarev wrote:
26.01.2011 00:25, Moritz Muehlenhoff wrote:
Package: kvm
Severity: grave
Tags: security
Please see the following entry in the Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0011
Yes, I've
On Wed, Jan 26, 2011 at 08:56:06 +0300, Michael Tokarev wrote:
Second, this is an intended behavour. Emty vnc password
meant to be no authentication, not a lockdown. When you
start it without specifying a password it lets everyone
in.
Intended by whom?
Cheers,
Julien
signature.asc
On 26.01.2011 11:25, Julien Cristau wrote:
On Wed, Jan 26, 2011 at 08:56:06 +0300, Michael Tokarev wrote:
Second, this is an intended behavour. Emty vnc password
meant to be no authentication, not a lockdown. When you
start it without specifying a password it lets everyone
in.
Intended
Package: kvm
Severity: grave
Tags: security
Please see the following entry in the Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0011
The impact is not entirely obvious to me? Do I understand it
correctly that a malicious application accessing a KVM
instance could lock
26.01.2011 00:25, Moritz Muehlenhoff wrote:
Package: kvm
Severity: grave
Tags: security
Please see the following entry in the Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0011
Yes, I've seen this even before CVE ID were assigned.
The impact is not entirely
9 matches
Mail list logo