Source: calamares Version: 3.2.4-4 Severity: important Tags: security upstream Forwarded: https://github.com/calamares/calamares/issues/1190 Control: found -1 3.2.4-3
Hi, The following vulnerability was published for calamares. CVE-2019-13178[0]: | modules/luksbootkeyfile/main.py in Calamares through 3.2.4 has a race | condition between the time when the LUKS encryption keyfile is created | and when secure permissions are set. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-13178 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13178 [1] https://github.com/calamares/calamares/issues/1190 Regards, Salvatore
