VYPR

rpm package

opensuse/signing-party&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/signing-party&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2019-11627CriApr 30, 2019
    affected < 2.11-1.3fixed 2.11-1.3

    gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID.

  • CVE-2018-15599MedAug 21, 2018
    affected < 2.11-1.3fixed 2.11-1.3

    The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.