On 08.03.21 20:26, Markus Frosch wrote:
> Thanks for reporting, haven't been following upstream for a while since I
> don't
> use the package actively anymore.
Admittedly, this particular information was somewhat buried.
> Due to lack of time, I'll upload a minimal patch for now. Feel free to jo
Hi Christian,
On Sun, 2021-03-07 at 15:44 +0100, Christian Kastner wrote:
> Looking at the upstream yubikey-luks repository, I noticed what seems to
> be an important recent fix, namely for the password (used as the yubikey
> challenge) being exposed in the process list:
>
> https://github.com
Package: yubikey-luks
Version: 0.5.1+29.g5df2b95-5
Severity: grave
Justification: confidential information leak
Tags: security
Hi,
Looking at the upstream yubikey-luks repository, I noticed what seems to
be an important recent fix, namely for the password (used as the yubikey
challenge) being exp
3 matches
Mail list logo
