|
| From: | Philippe Mathieu-Daudé |
| Subject: | Re: [PATCH 1/2] qga/win32: Remove change action from MSI installer |
| Date: | Tue, 21 Feb 2023 09:15:15 +0100 |
| User-agent: | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 |
On 20/2/23 18:41, Konstantin Kostiuk wrote:
resolves: rhbz#2167436
"You are not authorized to access bug #2167436."
fixes: CVE-2023-0664
This commit description is rather scarce... I understand you are trying to fix a CVE, but we shouldn't play the "security by obscurity" card. How can the community and distributions know this security fix is enough with the bare "Remove change action from MSI installer" justification? Can't we do better?
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
---
qga/installer/qemu-ga.wxs | 1 +
1 file changed, 1 insertion(+)
diff --git a/qga/installer/qemu-ga.wxs b/qga/installer/qemu-ga.wxs
index 51340f7ecc..feb629ec47 100644
--- a/qga/installer/qemu-ga.wxs
+++ b/qga/installer/qemu-ga.wxs
@@ -31,6 +31,7 @@
/>
<Media Id="1" Cabinet="qemu_ga.$(var.QEMU_GA_VERSION).cab" EmbedCab="yes"
/>
<Property Id="WHSLogo">1</Property>
+ <Property Id="ARPNOMODIFY" Value="yes" Secure="yes" />
<MajorUpgrade
DowngradeErrorMessage="Error: A newer version of QEMU guest agent is already
installed."
/>
--
2.25.1
| [Prev in Thread] | Current Thread | [Next in Thread] |