Subject: youtube-dl: GHSA-22fp-mf44-f2mq GHSA-9jqj-9wwh-r5mg Source: youtube-dl Version: 2021.12.17-1~bpo11+1 X-Debbugs-Cc: debian-lts@lists.debian.org Severity: grave Justification: user security hole Tags: security upstream
Hi, The following vulnerabilities were published for youtube-dl. GHSA-22fp-mf44-f2mq[0]: | File system modification and remote code execution through unchecked file | extension GHSA-9jqj-9wwh-r5mg[1]: | File Downloader cookie leak in youtube-dl If you fix the vulnerabilities please also make sure to include the GHSA ids in your changelog entry. For further information see: [0] https://github.com/dirkf/youtube-dl/security/advisories/GHSA-22fp-mf44-f2mq https://github.com/ytdl-org/youtube-dl/issues/32832 https://github.com/ytdl-org/youtube-dl/pull/32830 [1] https://github.com/dirkf/youtube-dl/security/advisories/GHSA-9jqj-9wwh-r5mg https://github.com/ytdl-org/youtube-dl/issues/32832 https://github.com/ytdl-org/youtube-dl/pull/32445 Please adjust the affected versions in the BTS as needed.
signature.asc
Description: OpenPGP digital signature