[Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-26331/yt-dlp
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 24 21:31:06 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3c286279 by Salvatore Bonaccorso at 2026-02-24T22:30:19+01:00
Update status for CVE-2026-26331/yt-dlp
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -472,7 +472,9 @@ CVE-2026-26981 (OpenEXR provides the specification and reference implementation
NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/d2be382758adc3e9ab83a3de35138ec28d93ebd8 (v3.3.7-rc)
CVE-2026-26331 (yt-dlp is a command-line audio/video downloader. Starting in version 2 ...)
- yt-dlp 2026.02.21-1
+ [bookworm] - yt-dlp <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-g3gw-q23r-pgqm
+ NOTE: Introduced with: https://github.com/yt-dlp/yt-dlp/commit/db3ad8a67661d7b234a6954d9c6a4a9b1749f5eb (2023.06.21)
NOTE: Fixed by: https://github.com/yt-dlp/yt-dlp/commit/1fbbe29b99dc61375bf6d786f824d9fcf6ea9c1a (2026.02.21)
CVE-2026-26284 (ImageMagick is free and open-source software used for editing and mani ...)
- imagemagick <unfixed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c286279f9632704ccedfc9e45fc86b45f62f3be
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c286279f9632704ccedfc9e45fc86b45f62f3be
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260224/52f653b5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list