TEMP-0870233-1DD19E

Name: TEMP-0870233-1DD19E
Description: executes javascript code downloaded from insecure URL
Source: Automatically generated temporary name. Not for external reference.
Debian Bugs: 870233

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| smplayer (PTS) | jessie | 14.9.0~ds0-1 | vulnerable |
| | stretch | 16.11.0~ds0-1+deb9u1 | vulnerable |
| | buster | 18.10.0~ds0-1 | fixed |
| | bullseye | 20.6.0~ds0-1 | fixed |
| | bookworm | 22.7.0~ds0-1 | fixed |
| | sid, trixie | 24.5.0+ds-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| smplayer | source | wheezy | (not affected) | | | |
| smplayer | source | (unstable) | 17.7.0~ds0-1 | low | | 870233 |

Notes

[stretch] - smplayer <no-dsa> (Minor issue)
[jessie] - smplayer <no-dsa> (Minor issue)
[wheezy] - smplayer <not-affected> (vulnerable code not present)
The version tracking here is not 100% accurate, since the vulnerable code is
still present in the source. However, users need to explicitly rebuild the
package, changing the upstream pro file to enable YT_USE_YTSIG. YT_USE_YTSIG
has been disabled by default upstream since 17.2.0.
