openSUSE has issued an advisory on May 13:
The issue is fixed upstream in 2.10.
Updated signing-party package fixes security vulnerability:
The gpg-key2ps tool in signing-party contained an unsafe shell call enabling
shell injection via a User ID (CVE-2019-11627).
Updated packages in core/updates_testing:
MGA7-64 Plasma on Lenovo B50
No istallation issues
No idea what to test here. Googled and found https://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#overview which is hardly encouraging me that there is a simple wat to test this.
Apparently installing this does not blow up anything else.