Package: encfs Version: 1.9.1-3 Severity: serious thanks
Recently, a change in Encfs was found to have broken cryptkeeper, causing it to use the password 'p' for all operations, regardless of user input (#852751)[3]. The bug was closed by removing cryptkeeper from Debian. The issue, however, remains. Sirikali, which manages multiple userspace filesystems including Encfs, suffers from the same failure (#853874). An upstream Encfs representative has indicated that the problem will be fixed there [1], though no change has been pushed to date [2]. The overall issue should be RC critical for Stretch. I've marked this as 'serious', indicating that the problem will be fixed in Encfs for the Stretch release. If this is not the case, close or demote, and I'll elevate in Sirikali. [1] https://github.com/tomm/cryptkeeper/issues/23#issuecomment-276304206 [2] https://github.com/vgough/encfs [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852751 -- AE0D BF5A 92A5 ADE4 9481 BA6F 8A31 71EF 3661 50CE
signature.asc
Description: GooPG digital signature