GLSA 202409-30: yt-dlp: Multiple Vulnerabilities

Severity:	normal
Title:	yt-dlp: Multiple Vulnerabilities
Date:	09/28/2024
Bugs:	#909780, #917355, #935316
ID:	202409-30

Synopsis

Multiple vulnerabilities have been found in yt-dlp, the worst of which could result in arbitrary code execution.

Background

yt-dlp is a youtube-dl fork with additional features and fixes.

Affected packages

Package	Vulnerable	Unaffected	Architecture(s)
net-misc/yt-dlp	< 2024.07.01	>= 2024.07.01	All supported architectures

Description

Multiple vulnerabilities have been found in yt-dlp. Please review the referenced CVE identifiers for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All yt-dlp users should upgrade to the latest version:

          # emerge --sync
          # emerge --ask --oneshot --verbose ">=net-misc/yt-dlp-2024.07.01"
        

References

• CVE-2024-38519
• CVE-2023-46121
• CVE-2023-35934

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-202409-30.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.