Comment 1 for bug 1747954

Hi,

QtPass uses `pwgen` to generate passwords by default. This means, if you didn't change the configuration to use the built-in password generator your passwords are safe. If you used the built-in password generator, change all passwords you generated with QtPass.

So, the number of affected people using the Ubuntu/Debian version should be rather low. Nonetheless there are fixed version available in bionic and I prepared a fix for qtpass 1.1.6 (the version in artful) which Ubuntu could copy from Debian stable-proposed-updates.

You should point the Ubuntu security team to the fixed version for artful (1.1.6-1+deb9u1) and ask them to copy it from Debian s-p-u.

Hope that helps

Philip