Bug#928291: unblock: signing-party/2.10-1

To: 928291@bugs.debian.org
Subject: Bug#928291: unblock: signing-party/2.10-1
From: Guilhem Moulin <guilhem@debian.org>
Date: Wed, 1 May 2019 13:44:08 +0200
Message-id: <[🔎] 20190501114408.GA8345@debian.org>
Reply-to: Guilhem Moulin <guilhem@debian.org>, 928291@bugs.debian.org
In-reply-to: <[🔎] 20190501104612.GA23900@debian.org>
References: <[🔎] 20190501104612.GA23900@debian.org> <[🔎] 20190501104612.GA23900@debian.org>

On Wed, 01 May 2019 at 12:46:12 +0200, Guilhem Moulin wrote:
> gpg-key2ps(1) from signing-party 2.9-1 is vulnerable to CVE-2018-15599:
> unsafe shell call enabling shell injection via a User ID.

Erm that should be CVE-2019-11627, and the changelog is wrong as well.
Would you like me to upload a 2.10-1 with a fixed debian/changelog?

-- 
Guilhem.

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#928291: unblock: signing-party/2.10-1
  - From: Ivo De Decker <ivodd@debian.org>

References:
- Bug#928291: unblock: signing-party/2.10-1
  - From: Guilhem Moulin <guilhem@debian.org>

Prev by Date: Bug#928292: stretch-pu: package signing-party/2.5-1
Next by Date: Bug#928292: stretch-pu: package signing-party/2.5-1
Previous by thread: Bug#928291: unblock: signing-party/2.10-1
Next by thread: Bug#928291: unblock: signing-party/2.10-1
Index(es):
- Date
- Thread