Control: tag -1 - moreinfo Control: retitle -1 unblock: signing-party/2.10-2 Hi Ivo, On Sun, 05 May 2019 at 14:44:31 +0200, Ivo De Decker wrote: > On Wed, May 01, 2019 at 01:44:08PM +0200, Guilhem Moulin wrote: >> On Wed, 01 May 2019 at 12:46:12 +0200, Guilhem Moulin wrote: >>> gpg-key2ps(1) from signing-party 2.9-1 is vulnerable to CVE-2018-15599: >>> unsafe shell call enabling shell injection via a User ID. >> >> Erm that should be CVE-2019-11627, and the changelog is wrong as well. >> Would you like me to upload a 2.10-1 with a fixed debian/changelog? > > You can't upload 2.10-1 again, so that would need to be 2.10-2. Ah right sorry, I meant 2.10-2 indeed. > If you do so, please remove the moreinfo tag from this bug once the > new package is in unstable. I guess you noticed the upload :-) Or does the closing only applies to signing-party/2.10-1? -- Guilhem.
Attachment:
signature.asc
Description: PGP signature