Comment 43 for bug 1409142
Revision history for this message
| Andrew Laski (alaski) wrote Re: Websocket Hijacking Vulnerability in Nova VNC Server (CVE-2015-0259) | #43 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
I'm of the same opinion as Dave, that this patch should move forward as is. It addresses the originally reported issue, but not the variation of the issue that Paul brought to light. And I agree that fixing the other issue in a backwards compatible way is going to be difficult unless it defaults to bypassing enforcement, which leaves it functionally the same as this patch.