Anyone know why cryptsetup isn’t updated to 2.3? I asked Andrew, and it appears that Qubes 4.1 is using 1.7…5 cryptsetup… 2.2 cryptsetup has a vulnerability in it. https://nvd.nist.gov/vuln/detail/CVE-2020-14382#match-5995976 .
https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions Though, since 1.7 the default hash is SHA256 (“LUKS1 used SHA1 (since version 1.7.0 it uses SHA256)”.
Andrew suggested I post this in the mailing list.