Subject: youtube-dl: GHSA-22fp-mf44-f2mq GHSA-9jqj-9wwh-r5mg
Source: youtube-dl
Version: 2021.12.17-1~bpo11+1
X-Debbugs-Cc: debian-lts@lists.debian.org
Severity: grave
Justification: user security hole
Tags: security upstream
Hi,
The following vulnerabilities were published for youtube-dl.
GHSA-22fp-mf44-f2mq[0]:
| File system modification and remote code execution through unchecked file
| extension
GHSA-9jqj-9wwh-r5mg[1]:
| File Downloader cookie leak in youtube-dl
If you fix the vulnerabilities please also make sure to include the
GHSA ids in your changelog entry.
For further information see:

[0] https://github.com/dirkf/youtube-dl/security/advisories/GHSA-22fp-mf44-f2mq
    https://github.com/ytdl-org/youtube-dl/issues/32832
    https://github.com/ytdl-org/youtube-dl/pull/32830
[1] https://github.com/dirkf/youtube-dl/security/advisories/GHSA-9jqj-9wwh-r5mg
    https://github.com/ytdl-org/youtube-dl/issues/32832
    https://github.com/ytdl-org/youtube-dl/pull/32445

Please adjust the affected versions in the BTS as needed.