Package: qtpass Version: 1.1.6-1 Tags: security Severity: important
It is noted in the changelog for version 1.2.1-1, but shouldn't the fix be applied to the stretch package as well?
Per QtPass upstream (open disclosure), passwords generated from within the application are insecure due to not being properly seeded.
github issue https://github.com/IJHack/QtPass/issues/338 github PR with released fix in 1.2.1 for applying to stretch version https://github.com/IJHack/QtPass/pull/342 CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18021