[Git][security-tracker-team/security-tracker][master] Add CVE-2024-22423/yt-dlp
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 10 07:06:13 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2898b65c by Salvatore Bonaccorso at 2024-04-10T08:05:44+02:00
Add CVE-2024-22423/yt-dlp
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -544,7 +544,11 @@ CVE-2024-23671 (A improper limitation of a pathname to a restricted directory ('
CVE-2024-23662 (An exposure of sensitive information to an unauthorized actor in Forti ...)
NOT-FOR-US: FortiGuard
CVE-2024-22423 (yt-dlp is a youtube-dl fork with additional features and fixes. The pa ...)
- TODO: check
+ - yt-dlp <not-affected> (Windows-specific)
+ NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p
+ NOTE: Fixed by: https://github.com/yt-dlp/yt-dlp/commit/ff07792676f404ffff6ee61b5638c9dc1a33a37a (2024.04.09)
+ NOTE: https://github.com/yt-dlp/yt-dlp/releases/tag/2024.04.09
+ NOTE: Issue exists because of incomplete fix to address CVE-2023-40581
CVE-2024-21756 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: FortiGuard
CVE-2024-21755 (A improper neutralization of special elements used in an os command (' ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2898b65c9ebba804a9aa88c2d465620bfb83e1e4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2898b65c9ebba804a9aa88c2d465620bfb83e1e4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240410/3b1a6a5e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list