Date: Tue, 15 Nov 2016 20:11:11 +0000
From: Hector Marco <hecmargi@....es>
To: oss-security@...ts.openwall.com
Cc: Ismael Ripoll <iripoll@...ca.upv.es>
Subject: Re: [FD] CVE-2016-4484: - Cryptsetup Initrd root Shell

Hello,

It would be more precise to say "2:1.7.3-2" rather than "2:1". This
number refers to the Debian package.

It seems that Debian is using different version numbers for the
"cryptsetup" package:
https://security-tracker.debian.org/tracker/CVE-2016-4484

We are not sure whether the last part of the version number (2:1.7.3-2)
of the Debian package (1.7.3-2) is used to match with the cryptsetup
version.

Just to avoid confusion, the bug is on the scripts (initramfs) and not
in the cryptsetup encryption/decryption algorithms.

Regards,
Hector Marco & Ismael Ripoll.

> On Mon, Nov 14, 2016 at 08:45:51PM +0000, Hector Marco wrote:
>> Hello All,
>>
>> Affected package
>> ----------------
>> Cryptsetup <= 2:1
>
> Hi,
>
> Can you clarify which versions are affected?
>
> The latest upstream version is 1.7.3:
>
> https://gitlab.com/cryptsetup/cryptsetup/commits/master
>
> What is the 2:1 version?
>

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)