Updated signing-party packages fix security vulnerability
Publication date: 14 Dec 2019Modification date: 14 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-11627
Description
Updated signing-party package fixes security vulnerability:
The gpg-key2ps tool in signing-party contained an unsafe shell call
enabling shell injection via a User ID (CVE-2019-11627).
References
SRPMS
7/core
- signing-party-2.10-1.mga7