libvirt.so is vulnerable to information disclosures. A malicious user can use the VIR_DOMAIN_XML_MIGRATABLE
flag to implicitly enable the VIR_DOMAIN_XML_SECURE
flag, allowing a malicious user access to the VNC connection password.
lists.opensuse.org/opensuse-updates/2014-11/msg00083.html
secunia.com/advisories/60010
secunia.com/advisories/60895
secunia.com/advisories/62058
secunia.com/advisories/62303
security.gentoo.org/glsa/glsa-201412-04.xml
security.libvirt.org/2014/0007.html
www.ubuntu.com/usn/USN-2404-1
bugzilla.redhat.com/show_bug.cgi?id=1160817
github.com/libvirt/libvirt/commit/b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b