[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] ui: reject extended clipboard message if not activated
|
From: |
Daniel P . Berrangé |
|
Subject: |
Re: [PATCH] ui: reject extended clipboard message if not activated |
|
Date: |
Wed, 17 Jan 2024 12:15:35 +0000 |
|
User-agent: |
Mutt/2.2.10 (2023-03-25) |
On Wed, Jan 17, 2024 at 03:10:30PM +0300, Michael Tokarev wrote:
> 15.01.2024 12:51, Daniel P. Berrangé wrote:
> > The extended clipboard message protocol requires that the client
> > activate the extension by requesting a psuedo encoding. If this
> > is not done, then any extended clipboard messages from the client
> > should be considered invalid and the client dropped.
> >
> > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> > ---
> >
> > The need for fix was identified as part of investigation for
> > CVE-2023-6683. This does NOT, however, fix that CVE as it only
> > addresses one of the problem codepaths that can trigger that
> > CVE.
>
> This might be a good pick for -stable too, in addition to the actual
> CVE-2023-6683 fix (adding -stable).
Agreed, both would be a good idea for stable.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|