[pkg-cryptsetup-devel] Bug#860981: Bug#860981: CVE-2016-4484 still Exists
??. ?
taisfmq at live.cn
Fri May 12 09:01:30 UTC 2017
Dear Guilhem,
Well when installing a Debian system and enabling encryption in https://anonscm.debian.org/cgit/d-i/partman-crypto.git/, the `panic` kernel parameter will not be automatically added, so I don't think everyone who has enabled full-disk encryption will disable the debug shell. If necessary, I think we should contact the d-i team.
More importantly, the claim that the security hole has been fixed by patches, while actually not, is misleading and confusing. I don't think it is appropriate to do actually NOTHING for even a trivial bug; at least we should have a sign noticing the problem here and avoiding unnecessary troubles for future users. Thank you.
Regards,
XU Guang-zhao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20170512/81497bf7/attachment.html>
More information about the pkg-cryptsetup-devel
mailing list