On Wed, Jan 17, 2024 at 03:10:30PM +0300, Michael Tokarev wrote: > 15.01.2024 12:51, Daniel P. Berrangé wrote: > > The extended clipboard message protocol requires that the client > > activate the extension by requesting a psuedo encoding. If this > > is not done, then any extended clipboard messages from the client > > should be considered invalid and the client dropped. > > > > Signed-off-by: Daniel P. Berrangé <[email protected]> > > --- > > > > The need for fix was identified as part of investigation for > > CVE-2023-6683. This does NOT, however, fix that CVE as it only > > addresses one of the problem codepaths that can trigger that > > CVE. > > This might be a good pick for -stable too, in addition to the actual > CVE-2023-6683 fix (adding -stable).
Agreed, both would be a good idea for stable. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
