On Wed, 01 May 2019 at 12:46:12 +0200, Guilhem Moulin wrote: > gpg-key2ps(1) from signing-party 2.9-1 is vulnerable to CVE-2018-15599: > unsafe shell call enabling shell injection via a User ID.
Erm that should be CVE-2019-11627, and the changelog is wrong as well. Would you like me to upload a 2.10-1 with a fixed debian/changelog? -- Guilhem.
signature.asc
Description: PGP signature