Date: Tue, 15 Nov 2016 20:11:11 +0000 From: Hector Marco <hecmargi@....es> To: oss-security@...ts.openwall.com Cc: Ismael Ripoll <iripoll@...ca.upv.es> Subject: Re: [FD] CVE-2016-4484: - Cryptsetup Initrd root Shell Hello, It would be more precise to say "2:1.7.3-2" rather than "2:1". This number refers to the Debian package. It seems that Debian is using different version numbers for the "cryptsetup" package: https://security-tracker.debian.org/tracker/CVE-2016-4484 We are not sure whether the last part of the version number (2:1.7.3-2) of the Debian package (1.7.3-2) is used to match with the cryptsetup version. Just to avoid confusion, the bug is on the scripts (initramfs) and not in the cryptsetup encryption/decryption algorithms. Regards, Hector Marco & Ismael Ripoll. > On Mon, Nov 14, 2016 at 08:45:51PM +0000, Hector Marco wrote: >> Hello All, >> >> Affected package >> ---------------- >> Cryptsetup <= 2:1 > > Hi, > > Can you clarify which versions are affected? > > The latest upstream version is 1.7.3: > > https://gitlab.com/cryptsetup/cryptsetup/commits/master > > What is the 2:1 version? > [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ