Bug#928256: gpg-key2ps: Shell injection vulnerability in UIDs rendering

2019-04-30 Thread Salvatore Bonaccorso
Control: retitle -1 gpg-key2ps: CVE-2019-11627: Shell injection vulnerability in UIDs rendering

On Tue, Apr 30, 2019 at 07:45:42PM +0200, Guilhem Moulin wrote:
> Package: signing-party
> Version: 1.1-1
> Severity: important
> Tags: security
> File: /usr/bin/gpg-key2ps
>
> Stefan `Sec` Zehl disov

Bug#928256: gpg-key2ps: Shell injection vulnerability in UIDs rendering

2019-04-30 Thread Guilhem Moulin
Package: signing-party
Version: 1.1-1
Severity: important
Tags: security
File: /usr/bin/gpg-key2ps

Stefan `Sec` Zehl discovered an unsafe shell call in gpg-key2ps(1), enabling shell injection in User-IDs:

    $ export GNUPGHOME="$(mktemp --tmpdir --directory)"
    $ gpg --passphrase "" --batch --q