Add CVE-2024-22423/yt-dlp

author: Salvatore Bonaccorso <carnil@debian.org> 2024-04-10 08:05:44 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-04-10 08:05:44 +0200
commit: 2898b65c9ebba804a9aa88c2d465620bfb83e1e4 (patch)
tree: 09735bdf5b20c34b5aba576150f1d8a92565698e /data
parent: 9cc973373e2d4acc6f3e3228b57eea5798949693 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 1995ff5bfb..9594ecc08b 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -544,7 +544,11 @@ CVE-2024-23671 (A improper limitation of a pathname to a restricted directory ('
 CVE-2024-23662 (An exposure of sensitive information to an unauthorized actor in Forti ...)
 	NOT-FOR-US: FortiGuard
 CVE-2024-22423 (yt-dlp is a youtube-dl fork with additional features and fixes. The pa ...)
-	TODO: check
+	- yt-dlp <not-affected> (Windows-specific)
+	NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p
+	NOTE: Fixed by: https://github.com/yt-dlp/yt-dlp/commit/ff07792676f404ffff6ee61b5638c9dc1a33a37a (2024.04.09)
+	NOTE: https://github.com/yt-dlp/yt-dlp/releases/tag/2024.04.09
+	NOTE: Issue exists because of incomplete fix to address CVE-2023-40581
 CVE-2024-21756 (A improper neutralization of special elements used in an os command (' ...)
 	NOT-FOR-US: FortiGuard
 CVE-2024-21755 (A improper neutralization of special elements used in an os command (' ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2024-04-10 08:05:44 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-04-10 08:05:44 +0200
commit	2898b65c9ebba804a9aa88c2d465620bfb83e1e4 (patch)
tree	09735bdf5b20c34b5aba576150f1d8a92565698e /data
parent	9cc973373e2d4acc6f3e3228b57eea5798949693 (diff)