Descriptionexecutes javascript code downloaded from insecure URL
SourceAutomatically generated temporary name. Not for external reference.
Debian Bugs870233

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
smplayer (PTS)jessie14.9.0~ds0-1vulnerable
buster, sid18.5.0~ds1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
smplayersourcewheezy(not affected)


[stretch] - smplayer <no-dsa> (Minor issue)
[jessie] - smplayer <no-dsa> (Minor issue)
[wheezy] - smplayer <not-affected> (vulnerable code not present)
The version tracking here is not 100% since the vulnerable code still would
be present in the source. Users though need to explicitly rebuilt the package
changing the upstream pro file to enable YT_USE_YTSIG. YT_USE_YTSIG is
disabled by default on upstream since 17.2.0

Search for package or bug name: Reporting problems