From fd888e850cf413955483bfb993aeeea5ea611289 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 17 Apr 2024 10:06:26 +0200
Subject: Adding debian version 2:2.6.1-4~deb12u2.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/cryptsetup-initramfs.NEWS | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 debian/cryptsetup-initramfs.NEWS

(limited to 'debian/cryptsetup-initramfs.NEWS')

diff --git a/debian/cryptsetup-initramfs.NEWS b/debian/cryptsetup-initramfs.NEWS
new file mode 100644
index 0000000..0f60251
--- /dev/null
+++ b/debian/cryptsetup-initramfs.NEWS
@@ -0,0 +1,15 @@
+cryptsetup (2:2.0.3-2) unstable; urgency=medium
+
+    In order to defeat online brute-force attacks, the initramfs boot
+    script sleeps for 1 second after each failed try.  On the other
+    hand, it no longer sleeps for a full minute after exceeding the
+    maximum number of unlocking tries.  This behavior was added in
+    2:1.7.3-2 as an attempt to mitigate CVE-2016-4484; to avoid dropping
+    to the debug shell after exceeding the maximum number of unlocking
+    tries, users need to use the 'panic' boot parameter and lock down
+    their boot loader & BIOS/UEFI.
+
+    The initramfs hook nows uses /proc/mounts instead of /etc/fstab to
+    detect the root device that is to be unlocked at initramfs stage.
+
+ -- Guilhem Moulin <guilhem@debian.org>  Fri, 15 Jun 2018 18:50:56 +0200
-- 
cgit v1.2.3