Package: qtpass
Version: 1.1.6-1
Tags: security
Severity: important
It is noted in the changelog for version 1.2.1-1, but shouldn't the fix
be applied to the stretch package as well?
Per QtPass upstream (open disclosure), passwords generated from within
the application are insecure due to not being properly seeded.
github issue
https://github.com/IJHack/QtPass/issues/338
github PR with released fix in 1.2.1 for applying to stretch version
https://github.com/IJHack/QtPass/pull/342
CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18021
