The following CVE IDs have been issued for Calamares in this instance by MITRE, IDs were requested via the CVE form:
CVE-2019-13178 was assigned for the race condition that Seth Arnold identified in https://github.com/calamares/calamares/issues/1190 regarding unsafe UMask and file permissions during creation of the keyfile. CVE-2019-13179 was assigned for the improper handling of the LUKS encryption keyfile from /crypto_keyfile.bin to /boot in a globally readable initramfs issue for which upstream issue https://github.com/calamares/calamares/issues/1191 was created. ** Bug watch added: Calamares Issues #1190 https://github.com/calamares/calamares/issues/1190 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-13178 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-13179 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835095 Title: Lubuntu initrd images leaking cryptographic secret when disk encryption is used To manage notifications about this bug go to: https://bugs.launchpad.net/calamares/+bug/1835095/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
