Hi, On Wed, May 10, 2023 at 02:18:53PM +0200, Lee Garrett wrote: > Package: osslsigncode > Version: 2.1-1 > Severity: grave > Tags: security > X-Debbugs-Cc: [email protected], [email protected], Debian Security Team > <[email protected]> > > It was reported through IRC that the current stable version of osslsigncode > contains an unpatched security vulnerability: > > https://github.com/mtrojnar/osslsigncode/releases/tag/2.3 > > Unfortunately, upstream has not assigned a CVE, and a quick glance at the > closed > bug reports didn't reveal any further details.
Can you try to get in touch with upstream for more information on those? Regards, Salvatore
