[Git][security-tracker-team/security-tracker][master] Add youtube-dl tracking for two CVEs originating from yt-dlp

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Aug 24 09:32:20 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a685d81d by Salvatore Bonaccorso at 2024-08-24T10:31:43+02:00
Add youtube-dl tracking for two CVEs originating from yt-dlp

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13064,9 +13064,11 @@ CVE-2024-38537 (Fides is an open-source privacy engineering platform. `fides.js`
 	NOT-FOR-US: Fides
 CVE-2024-38519 (`yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Pr ...)
 	- yt-dlp 2024.07.01-1 (unimportant)
+	- youtube-dl <removed> (unimportant; bug #1079502)
 	NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j
 	NOTE: https://github.com/yt-dlp/yt-dlp/commit/5ce582448ececb8d9c30c8c31f58330090ced03a (2024.07.01)
 	NOTE: https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp/
+	NOTE: https://github.com/dirkf/youtube-dl/security/advisories/GHSA-22fp-mf44-f2mq
 	NOTE: Exploitable issue under Windows
 CVE-2024-37185 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...)
 	NOT-FOR-US: OpenHarmony
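Review bot: The added `- youtube-dl <removed> (unimportant; bug #1079502)` line under CVE-2024-38519 takes its severity justification only from the trailing `NOTE: Exploitable issue under Windows`, which now follows advisory links for two different upstreams. Consider wording that NOTE so it says the Windows-only scope applies to both yt-dlp and youtube-dl, which makes the unimportant rating on the new line self-explanatory.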
@@ -94976,10 +94978,13 @@ CVE-2023-35934 (yt-dlp is a command-line program to download videos from video s
 	- yt-dlp 2023.07.06-1 (bug #1040595)
 	[bookworm] - yt-dlp <no-dsa> (Minor issue)
 	[bullseye] - yt-dlp <no-dsa> (Minor issue)
+	- youtube-dl <removed> (bug #1079502)
+	[bookworm] - youtube-dl <no-dsa> (Minor issue)
 	NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj
 	NOTE: https://github.com/yt-dlp/yt-dlp/commit/1ceb657bdd254ad961489e5060f2ccc7d556b729
 	NOTE: https://github.com/yt-dlp/yt-dlp/commit/3121512228487c9c690d3d39bfd2579addf96e07
 	NOTE: https://github.com/yt-dlp/yt-dlp/commit/f8b4bcc0a791274223723488bfbfc23ea3276641
+	NOTE: https://github.com/dirkf/youtube-dl/security/advisories/GHSA-9jqj-9wwh-r5mg
 CVE-2023-34193 (File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated ...)
 	NOT-FOR-US: Zimbra
 CVE-2023-34192 (Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a rem ...)
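Review bot: Under CVE-2023-35934 the new youtube-dl entries consist of the unprefixed `<removed>` line and a `[bookworm]` line only, while the yt-dlp entry directly above carries both `[bookworm]` and `[bullseye]` annotations. If youtube-dl is still tracked for bullseye, add a matching `[bullseye] - youtube-dl` line; if the omission is deliberate, nothing more is needed.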



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a685d81df2362bff26454558d15af872f2c5f5ea
