Hi, On Wed, May 10, 2023 at 02:18:53PM +0200, Lee Garrett wrote: > Package: osslsigncode > Version: 2.1-1 > Severity: grave > Tags: security > X-Debbugs-Cc: secur...@debian.org, deb...@rocketjump.eu, Debian Security Team > <t...@security.debian.org> > > It was reported through IRC that the current stable version of osslsigncode > contains an unpatched security vulnerability: > > https://github.com/mtrojnar/osslsigncode/releases/tag/2.3 > > Unfortunately, upstream has not assigned a CVE, and a quick glance at the > closed > bug reports didn't reveal any further details.
Can you try to get in touch with upstream for more information on those? Regards, Salvatore
