This bug was fixed in the package qemu-kvm - 0.12.5+noroms-0ubuntu7.2 --------------- qemu-kvm (0.12.5+noroms-0ubuntu7.2) maverick-security; urgency=low
[ Dustin Kirkland ] * SECURITY UPDATE: Setting VNC password to empty string silently disables all authentication (LP: #697197). - debian/patches/697197-fix-vnc-password-semantics.patch: Reverses the change introduced in Qemu by git commit 52c18be9, thanks to Neil Wilson. - CVE-2011-0011 [ Kees Cook ] * debian/rules: disable parallel build; fix FTBFS. -- Kees Cook <k...@ubuntu.com> Fri, 11 Feb 2011 15:52:12 -0800 ** Changed in: qemu-kvm (Ubuntu Maverick) Status: Fix Committed => Fix Released ** Changed in: qemu-kvm (Ubuntu Lucid) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. https://bugs.launchpad.net/bugs/697197 Title: Empty password allows access to VNC in libvirt -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs