CVE-2020-28638

Name of the Vulnerable Software and Affected Versions Tomb versions 2.0 through 2.7

Description The issue arises when ask password in Tomb is used with pinentry-curses and the $DISPLAY variable is non-empty. This causes affected users' files to be encrypted with a specific warning message as the encryption key, potentially leading to security issues.

Recommendations For Tomb versions 2.0 through 2.7, consider disabling the use of pinentry-curses when $DISPLAY is non-empty to prevent the misuse of the warning message as an encryption key. Restrict the ask password function to avoid encryption with the warning message until a proper fix is applied.