QtPass uses `pwgen` to generate passwords by default. This means, if you didn't change the configuration to use the built-in password generator your passwords are safe. If you used the built-in password generator, change all passwords you generated with QtPass.
So, the number of affected people using the Ubuntu/Debian version should be rather low. Nonetheless there are fixed version available in bionic and I prepared a fix for qtpass 1.1.6 (the version in artful) which Ubuntu could copy from Debian stable-proposed-updates.
You should point the Ubuntu security team to the fixed version for artful (1.1.6-1+deb9u1) and ask them to copy it from Debian s-p-u.
Hi,
QtPass uses `pwgen` to generate passwords by default. This means, if you didn't change the configuration to use the built-in password generator your passwords are safe. If you used the built-in password generator, change all passwords you generated with QtPass.
So, the number of affected people using the Ubuntu/Debian version should be rather low. Nonetheless there are fixed version available in bionic and I prepared a fix for qtpass 1.1.6 (the version in artful) which Ubuntu could copy from Debian stable- proposed- updates.
You should point the Ubuntu security team to the fixed version for artful (1.1.6-1+deb9u1) and ask them to copy it from Debian s-p-u.
Hope that helps
Philip