-
signing-party (2.10-2) unstable; urgency=high
* gpg-key2ps: Security fix for CVE-2019-11627: unsafe shell call enabling
shell injection via a User ID. Use Perl's (core) module Encode.pm instead
of shelling out to `iconv`. (Closes: #928256.)
-- Guilhem Moulin <email address hidden> Sun, 05 May 2019 15:13:54 +0200
-
signing-party (2.10-1) unstable; urgency=high
* gpg-key2ps: Security fix for CVE-2018-15599: unsafe shell call enabling
shell injection via a User ID. Use Perl's (core) module Encode.pm instead
of shelling out to `iconv`. (Closes: #928256.)
-- Guilhem Moulin <email address hidden> Wed, 01 May 2019 12:21:59 +0200
-
signing-party (2.9-1) unstable; urgency=medium
* gpglist:
+ When --signer's argument is a long keyid or fingerprint, don't require
the key to be present in the keyring. This enable filtering on unknown
signing keys.
+ Don't choke on direct-key signatures. (Closes: #921331.)
* gpgparticipants:
+ Improve quoting and replace `echo` with `printf`.
+ Avoid including subkey fingerprints when gpg.conf contains 'fingerprint'.
-- Guilhem Moulin <email address hidden> Fri, 01 Mar 2019 15:39:40 +0100