[Git][security-tracker-team/security-tracker][master] Add youtuble-dl tracking for two CVEs originating form yt-dlp

Sat, 24 Aug 2024 01:32:34 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a685d81d by Salvatore Bonaccorso at 2024-08-24T10:31:43+02:00
Add youtuble-dl tracking for two CVEs originating form yt-dlp

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13064,9 +13064,11 @@ CVE-2024-38537 (Fides is an open-source privacy 
engineering platform. `fides.js`
        NOT-FOR-US: Fides
 CVE-2024-38519 (`yt-dlp` and `youtube-dl` are command-line audio/video 
downloaders. Pr ...)
        - yt-dlp 2024.07.01-1 (unimportant)
+       - youtube-dl <removed> (unimportant; bug #1079502)
        NOTE: 
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j
        NOTE: 
https://github.com/yt-dlp/yt-dlp/commit/5ce582448ececb8d9c30c8c31f58330090ced03a
 (2024.07.01)
        NOTE: https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp/
+       NOTE: 
https://github.com/dirkf/youtube-dl/security/advisories/GHSA-22fp-mf44-f2mq
        NOTE: Exploitable issue under Windows
 CVE-2024-37185 (in OpenHarmony v4.0.0 and prior versions allow a remote 
attacker arbit ...)
        NOT-FOR-US: OpenHarmony
@@ -94976,10 +94978,13 @@ CVE-2023-35934 (yt-dlp is a command-line program to 
download videos from video s
        - yt-dlp 2023.07.06-1 (bug #1040595)
        [bookworm] - yt-dlp <no-dsa> (Minor issue)
        [bullseye] - yt-dlp <no-dsa> (Minor issue)
+       - youtube-dl <removed> (bug #1079502)
+       [bookworm] - youtube-dl <no-dsa> (Minor issue)
        NOTE: 
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj
        NOTE: 
https://github.com/yt-dlp/yt-dlp/commit/1ceb657bdd254ad961489e5060f2ccc7d556b729
        NOTE: 
https://github.com/yt-dlp/yt-dlp/commit/3121512228487c9c690d3d39bfd2579addf96e07
        NOTE: 
https://github.com/yt-dlp/yt-dlp/commit/f8b4bcc0a791274223723488bfbfc23ea3276641
+       NOTE: 
https://github.com/dirkf/youtube-dl/security/advisories/GHSA-9jqj-9wwh-r5mg
 CVE-2023-34193 (File Upload vulnerability in Zimbra ZCS 8.8.15 allows an 
authenticated ...)
        NOT-FOR-US: Zimbra
 CVE-2023-34192 (Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 
allows a rem ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a685d81df2362bff26454558d15af872f2c5f5ea

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a685d81df2362bff26454558d15af872f2c5f5ea
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to