add launchpad bug reports without comments

author: Christian Krinitsin <mail@krinitsin.com> 2025-06-30 12:24:58 +0000
committer: Christian Krinitsin <mail@krinitsin.com> 2025-06-30 12:27:06 +0000
commit: 33606b41d35115f887ea688b1a16f2ff85bf2fe4 (patch)
tree: 406b2c7b19a087ba437c68f3dbf0b589fa1d6150 /results/scraper/launchpad-without-comments/1136477
parent: adedf8771bc4de3113041ca21bd4d0d1c0014b6a (diff)
download: qemu-analysis-33606b41d35115f887ea688b1a16f2ff85bf2fe4.tar.gz
qemu-analysis-33606b41d35115f887ea688b1a16f2ff85bf2fe4.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/results/scraper/launchpad-without-comments/1136477 b/results/scraper/launchpad-without-comments/1136477
new file mode 100644
index 000000000..9c97f5bb1
--- /dev/null
+++ b/results/scraper/launchpad-without-comments/1136477
@@ -0,0 +1,5 @@
+qemu doesn't sanitize command line options carrying plaintext passwords
+
+A slight security problem exists with qemu's lack of sanitization of argv[], for cases where the user may have specified a plaintext password for spice/vnc authorization.  (Yes, it's not great to use this facility, but it's convenient and not grotesquely unsafe, were it not for this bug.)  It would be nice if those plaintext passwords were nuked from the command line, so a subsequent "ps awux" didn't show them for all to see.
+
+See also https://bugzilla.redhat.com/show_bug.cgi?id=916279
\ No newline at end of file
author	Christian Krinitsin <mail@krinitsin.com>	2025-06-30 12:24:58 +0000
committer	Christian Krinitsin <mail@krinitsin.com>	2025-06-30 12:27:06 +0000
commit	33606b41d35115f887ea688b1a16f2ff85bf2fe4 (patch)
tree	406b2c7b19a087ba437c68f3dbf0b589fa1d6150 /results/scraper/launchpad-without-comments/1136477
parent	adedf8771bc4de3113041ca21bd4d0d1c0014b6a (diff)
download	qemu-analysis-33606b41d35115f887ea688b1a16f2ff85bf2fe4.tar.gz qemu-analysis-33606b41d35115f887ea688b1a16f2ff85bf2fe4.zip