Bug 14135

Summary:	[CVE 21] yt-dlp CVEs
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Vladimir Potapov <v.potapov>
Component:	Preinstalled software in the ISO	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	critical
Priority:	Highest	CC:	a.proklov, m.novosyolov
Version:	All	Flags:	v.potapov: qa_verified+ v.potapov: secteam_verified? a.proklov: published+
Target Milestone:	---
Hardware:	All
OS:	Linux
URL:	CVE-2023-40581
Whiteboard:
Platform:	---	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Vladimir Potapov 2023-12-08 13:16:41 MSK

https://nvd.nist.gov/vuln/detail/CVE-2023-40581 HIGH

Comment 1 Mikhail Novosyolov 2023-12-08 13:54:27 MSK

********** QA ADVISORY ************

yt-dlp
https://abf.io/build_lists/4884803
https://abf.io/build_lists/4884804
https://abf.io/build_lists/4884805
https://abf.io/build_lists/4884806
https://abf.io/build_lists/4884807

Comment 2 Mikhail Novosyolov 2023-12-08 14:12:01 MSK

Новые сборки:

yt-dlp 2023.07.06-2
https://abf.io/build_lists/4884819
https://abf.io/build_lists/4884820
https://abf.io/build_lists/4884821
https://abf.io/build_lists/4884822
https://abf.io/build_lists/4884823

Comment 3 Vladimir Potapov 2023-12-08 15:25:20 MSK

************************************
The update sent to testings

Comment 4 Vladimir Potapov 2023-12-14 17:09:11 MSK

yt-dlp-2023.07.06-2
https://abf.io/build_lists/4884819
https://abf.io/build_lists/4884820
https://abf.io/build_lists/4884821
https://abf.io/build_lists/4884822
https://abf.io/build_lists/4884823
************************** Advisory ************************
CVE closed by patch
************************************************************
QA Verified