Candidate: CVE-2017-18021
PublicDate: 2018-01-05 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18021
 https://lists.zx2c4.com/pipermail/password-store/2018-January/003165.html
 https://github.com/IJHack/QtPass/issues/338
 https://github.com/IJHack/QtPass/releases/tag/v1.2.1
 https://qtpass.org/
Description:
 It was discovered that QtPass before 1.2.1, when using the built-in
 password generator, generates possibly predictable and enumerable
 passwords. This only applies to the QtPass GUI.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Jason A. Donenfeld
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_qtpass:
upstream_qtpass: released (1.2.1-1)
precise/esm_qtpass: DNE
trusty_qtpass: DNE
trusty/esm_qtpass: DNE
xenial_qtpass: ignored (end of standard support, was needed)
zesty_qtpass: ignored (reached end-of-life)
artful_qtpass: released (1.1.6-1ubuntu0.1)
bionic_qtpass: not-affected (1.2.1-1)
cosmic_qtpass: not-affected (1.2.1-1)
disco_qtpass: not-affected (1.2.1-1)
eoan_qtpass: not-affected (1.2.1-1)
focal_qtpass: not-affected (1.2.1-1)
groovy_qtpass: not-affected (1.2.1-1)
hirsute_qtpass: not-affected (1.2.1-1)
impish_qtpass: not-affected (1.2.1-1)
jammy_qtpass: not-affected (1.2.1-1)
devel_qtpass: not-affected (1.2.1-1)