Re: [PATCH] ui: reject extended clipboard message if not activated

qemu-stable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] ui: reject extended clipboard message if not activated

From:	Michael Tokarev
Subject:	Re: [PATCH] ui: reject extended clipboard message if not activated
Date:	Wed, 17 Jan 2024 15:10:30 +0300
User-agent:	Mozilla Thunderbird

15.01.2024 12:51, Daniel P. Berrangé wrote:

The extended clipboard message protocol requires that the client
activate the extension by requesting a psuedo encoding. If this
is not done, then any extended clipboard messages from the client
should be considered invalid and the client dropped.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---

The need for fix was identified as part of investigation for
CVE-2023-6683. This does NOT, however, fix that CVE as it only
addresses one of the problem codepaths that can trigger that
CVE.


This might be a good pick for -stable too, in addition to the actual
CVE-2023-6683 fix (adding -stable).

/mjt

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH] ui: reject extended clipboard message if not activated, Michael Tokarev <=
- Re: [PATCH] ui: reject extended clipboard message if not activated, Daniel P . Berrangé, 2024/01/17

Prev by Date: Re: [PATCH v2] ui/clipboard: ensure data is available or request callback is set upon update
Next by Date: Re: [PATCH] ui: reject extended clipboard message if not activated
Previous by thread: [PATCH v2] ui/clipboard: ensure data is available or request callback is set upon update
Next by thread: Re: [PATCH] ui: reject extended clipboard message if not activated
Index(es):
- Date
- Thread