Bug#886889: Fix insecure password generation in stretch

2018-01-11 Thread Philip Rinn
Control: tags -1 pending

Hi,

On 10.01.2018 18:00:14, Joel Johnson wrote:
> It is noted in the changelog for version 1.2.1-1, but shouldn't the fix be
> applied to the stretch package as well?

Yes, I'm waiting for the Stable Release Managers:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886593

Best,
Philip




Bug#886889: Fix insecure password generation in stretch

2018-01-10 Thread Joel Johnson

Package: qtpass
Version: 1.1.6-1
Tags: security
Severity: important

It is noted in the changelog for version 1.2.1-1, but shouldn't the fix 
be applied to the stretch package as well?


Per QtPass upstream (open disclosure), passwords generated from within 
the application are insecure due to not being properly seeded.


github issue
https://github.com/IJHack/QtPass/issues/338

github PR with released fix in 1.2.1 for applying to stretch version
https://github.com/IJHack/QtPass/pull/342

CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18021
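
An added illustration of the bug class this report describes (a password generator whose PRNG is never seeded), written for this page and not taken from QtPass or its fix. The use of libc `rand()`, the 62-character alphabet and all function names are assumptions made for the example; the hardened variant reads the kernel CSPRNG via `/dev/urandom`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char CHARSET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
#define NCHARS (sizeof(CHARSET) - 1) /* 62 symbols */

/* Weak: libc rand(). If srand() is never called, the C standard defines
 * the sequence as the one produced by srand(1), identical in every run. */
void weak_password(char *out, size_t len) {
    for (size_t i = 0; i < len; i++)
        out[i] = CHARSET[(size_t)rand() % NCHARS];
    out[len] = '\0';
}

/* Hardened: bytes from the kernel CSPRNG, with rejection sampling so that
 * the modulo does not bias the alphabet. Returns 0 on success, -1 on error. */
int strong_password(char *out, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    const unsigned limit = 256 - (unsigned)(256 % NCHARS); /* 248 */
    size_t i = 0;
    while (i < len) {
        int c = fgetc(f);
        if (c == EOF) { fclose(f); return -1; }
        if ((unsigned)c < limit) out[i++] = CHARSET[(unsigned)c % NCHARS];
    }
    out[len] = '\0';
    fclose(f);
    return 0;
}

/* Emulates two fresh processes: srand(1) is the PRNG state at program start
 * when no seeding is done. Returns 1 if both "runs" yield the same password. */
int weak_repeats_across_runs(void) {
    char a[17], b[17];
    srand(1); weak_password(a, 16);
    srand(1); weak_password(b, 16);
    return strcmp(a, b) == 0;
}

int main(void) {
    char pw[17];
    printf("unseeded generator repeats across runs: %s\n",
           weak_repeats_across_runs() ? "yes" : "no");
    if (strong_password(pw, 16) == 0) printf("urandom-backed: %s\n", pw);
    return 0;
}
```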