Your message dated Mon, 28 Jul 2008 02:17:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#477203: fixed in cryptsetup 2:1.0.6-4
has caused the Debian Bug report #477203,
regarding cryptsetup: LUKS passphrase sometimes in cleartext
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
477203: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477203
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: cryptsetup
Version: 2:1.0.6-1
Severity: grave
Tags: security
Justification: user security hole
I have an encrypted /home partition and usplash is installed. Whenever I'm
not quick enough entering the LUKS passphrase, usplash times out and in
order to continue the boot process I need to switch to tty 8 where I can
enter the passphrase. And here's the security problem: As I type, the
passphrase appears as cleartext on the screen...
cheers, Daniel
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages cryptsetup depends on:
ii dmsetup 2:1.02.24-4 The Linux Kernel Device Mapper use
ii libc6 2.7-10 GNU C Library: Shared libraries
ii libdevmapper1.02.1 2:1.02.24-4 The Linux Kernel Device Mapper use
ii libpopt0 1.10-3 lib for parsing cmdline parameters
ii libuuid1 1.40.8-2 universally unique id library
cryptsetup recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: cryptsetup
Source-Version: 2:1.0.6-4
We believe that the bug you reported is fixed in the latest version of
cryptsetup, which is due to be installed in the Debian FTP archive:
cryptsetup-udeb_1.0.6-4_amd64.udeb
to pool/main/c/cryptsetup/cryptsetup-udeb_1.0.6-4_amd64.udeb
cryptsetup_1.0.6-4.diff.gz
to pool/main/c/cryptsetup/cryptsetup_1.0.6-4.diff.gz
cryptsetup_1.0.6-4.dsc
to pool/main/c/cryptsetup/cryptsetup_1.0.6-4.dsc
cryptsetup_1.0.6-4_amd64.deb
to pool/main/c/cryptsetup/cryptsetup_1.0.6-4_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonas Meurer <[EMAIL PROTECTED]> (supplier of updated cryptsetup package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 28 Jul 2008 00:21:44 +0200
Source: cryptsetup
Binary: cryptsetup cryptsetup-udeb
Architecture: source amd64
Version: 2:1.0.6-4
Distribution: unstable
Urgency: medium
Maintainer: Jonas Meurer <[EMAIL PROTECTED]>
Changed-By: Jonas Meurer <[EMAIL PROTECTED]>
Description:
cryptsetup - configures encrypted block devices
cryptsetup-udeb - configures encrypted block devices (udeb)
Closes: 477203 489033 490199 490300 491867 492451
Changes:
cryptsetup (2:1.0.6-4) unstable; urgency=medium
.
[ David Härdeman ]
* Make sure $IGNORE is reset as necessary, patch by Thomas Luzat
<[EMAIL PROTECTED]> (closes: #490199)
* Use askpass in init scripts as well (closes: #489033, #477203)
.
[ Jonas Meurer ]
* Don't copy_exec libgcc1 in cryptopensc initramfs hook, as it's already
copied by copy_exec /usr/sbin/pcscd automatically. Thanks to Evgeni Golov
<[EMAIL PROTECTED]>. (closes: #490300)
* Remove the udev rules file again as the relevant rules are now provided
by dmsetup package which cryptsetup depends on.
* Add splashy support to askpass, thanks to John Hughes <[EMAIL PROTECTED]>
for the patch. (closes: #492451) The support is limited to cryptroot
though, as splashy freezes for passphrase input dialogs from initscripts.
Document that in README.Debian.
* Now that askpass is used as keyscript for interactive mode, it's not
necessary to set cryptsetup parameter '--tries=$TRIES' and TRIES=1 for
interactive mode anymore in cryptdisks.functions.
* Implement special treatment for random passphrases now that we use
"--key-file=-" for all situations. Only necessary in do_noluks.
* Fix the passphrase prompt string in initramfs/cryptroot.script to use
$cryptsource instead of $cryptsources.
* Major documentation cleanup for lenny:
- Rewrite CryptoSwap.HowTo in README.Debian, remove CryptoSwap.HowTo.
- Refer to README.initramfs instead of CryptoRoot.HowTo for encrypted root
filesystem in README.Debian.
- Remove outdated docs CryptoRoot.HowTo, usbcrypto.udev and gen-old-ssl-key
as well as the decrypt_old_ssl keyscript.
- Remove debian/TODO, didn't have any useful content anyway.
- Fix section ''9. The "decrypt_derived" keyscript'': Add swap option to
the example line for crypttab and other minor fixes. Thanks to
Helmut Grohne <[EMAIL PROTECTED]>. (closes: #491867)
* urgency=medium since important (#492451) and security (#477203) bugs get
fixed by this upload.
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkiNJeYACgkQd6lUs+JfIQIlCQCgjrxvrt/vNbuu3qTeQd9qb//A
C4cAn29J/Xx8zU1wklIxZ9A7Tltm5JU6
=uLO4
-----END PGP SIGNATURE-----
--- End Message ---