15.01.2024 12:51, Daniel P. Berrangé wrote:
The extended clipboard message protocol requires that the client
activate the extension by requesting a psuedo encoding. If this
is not done, then any extended clipboard messages from the client
should be considered invalid and the client dropped.
Signed-off-by: Daniel P. Berrangé <[email protected]>
---
The need for fix was identified as part of investigation for
CVE-2023-6683. This does NOT, however, fix that CVE as it only
addresses one of the problem codepaths that can trigger that
CVE.
This might be a good pick for -stable too, in addition to the actual
CVE-2023-6683 fix (adding -stable).
/mjt
