Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

yt-dlp: Multiple Vulnerabilities — GLSA 202409-30

Multiple vulnerabilities have been found in yt-dlp, the worst of which could result in arbitrary code execution.

Affected packages

Package net-misc/yt-dlp on all architectures
Affected versions < 2024.07.01
Unaffected versions >= 2024.07.01

Background

yt-dlp is a youtube-dl fork with additional features and fixes.

Description

Multiple vulnerabilities have been found in yt-dlp. Please review the referenced CVE identifiers for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All yt-dlp users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/yt-dlp-2024.07.01"

References

Release date
September 28, 2024

Latest revision
September 28, 2024: 1

Severity
normal

Exploitable
remote

Bugzilla entries