Re: Bug#935827: buster-pu: package cryptsetup/2:2.1.0-5+deb10u2
Control: tags -1 + d-i confirmed
On Mon, 2019-08-26 at 19:18 +0200, Guilhem Moulin wrote:
> Another regression was found in cryptsetup :-/ Its scope is quite
> narrow as it only affects mapped device size ≥2TiB (2³² 512-bits
> sectors) on 32-bits platforms. And AFAICT ‘crypt’ targets are not
> affected, only ‘integrity’ ones are; both standalone dm-integrity
> volumes set up with integritysetup(8), as well as volumes used for
> *experimental* authenticated disk encryption and set
> up with cryptsetup(8).
>
> In these scenarios the size overflows (due to size_t being
> incorrectly used in place of uint64_t) and the device is mapped with
> a truncated size. There is a risk of data loss if the user writes
> inside the container, for instance while trying to recover it, so
> that should IMHO be fixed via s-p-u.
>
> This is an upstream regression from 2.1.0, so Stretch is not
> affected. 2:2.2.0-3 from Sid contains the cherry-picked upstream fix,
> but Buster's 2:2.1.0-5 (and 2:2.1.0-5+deb10u1) is affected.
[...]
> Given that Buster currently has 2:2.1.0-5, should the .changes
> include all
> changes since that version, or only since 2:2.1.0-5+deb10u1?
+deb10u1 is already in the archive, so this would be no different from
any other upload. (i.e. just since +deb10u1.)
Regards,
Adam
Reply to: