Hi,

Anyone know why cryptsetup isn't updated to 2.3? I asked Andrew, and it appears that Qubes 4.1 is using 1.7.5 cryptsetup. 2.2 cryptsetup has a vulnerability in it: https://nvd.nist.gov/vuln/detail/CVE-2020-14382#match-5995976
https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions

Though, since 1.7 the default hash is SHA256 ("LUKS1 used SHA1 (since version 1.7.0 it uses SHA256)").

Andrew suggested I post this in the mailing list.

Thanks,
Mason