@security team, Could you please sponsor this to the maverick-security queue? Thanks!
** Patch added: "697197.debdiff" https://bugs.launchpad.net/ubuntu/maverick/+source/qemu-kvm/+bug/697197/+attachment/1843528/+files/697197.debdiff ** Changed in: qemu-kvm (Ubuntu Maverick) Assignee: Dustin Kirkland (kirkland) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/697197 Title: Empty password allows access to VNC in libvirt Status in libvirt virtualization API: Unknown Status in QEMU: Confirmed Status in qemu-kvm: Unknown Status in “libvirt” package in Ubuntu: Invalid Status in “qemu-kvm” package in Ubuntu: In Progress Status in “libvirt” source package in Maverick: Invalid Status in “qemu-kvm” source package in Maverick: In Progress Status in “libvirt” source package in Natty: Invalid Status in “qemu-kvm” source package in Natty: In Progress Bug description: The help in the /etc/libvirt/qemu.conf states "To allow access without passwords, leave this commented out. An empty string will still enable passwords, but be rejected by QEMU effectively preventing any use of VNC." yet setting: vnc_password="" allows access to the vnc console without any password prompt just as if it is hashed out completely. ProblemType: Bug DistroRelease: Ubuntu 10.10 Package: libvirt-bin 0.8.3-1ubuntu14 ProcVersionSignature: Ubuntu 2.6.35-24.42-server 2.6.35.8 Uname: Linux 2.6.35-24-server x86_64 Architecture: amd64 Date: Tue Jan 4 12:18:35 2011 InstallationMedia: Ubuntu-Server 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.2) ProcEnviron: LANG=en_GB.UTF-8 SHELL=/bin/bash SourcePackage: libvirt
