TEMP-0870233-1DD19E

NameTEMP-0870233-1DD19E
Descriptionexecutes javascript code downloaded from insecure URL
SourceAutomatically generated temporary name. Not for external reference.
Debian Bugs870233

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
smplayer (PTS)wheezy0.8.0-1+deb7u1fixed
jessie14.9.0~ds0-1vulnerable
stretch16.11.0~ds0-1+deb9u1vulnerable
buster, sid18.2.2~ds0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
smplayersource(unstable)17.7.0~ds0-1low870233
smplayersourcewheezy(not affected)

Notes

[stretch] - smplayer <no-dsa> (Minor issue)
[jessie] - smplayer <no-dsa> (Minor issue)
[wheezy] - smplayer <not-affected> (vulnerable code not present)
The version tracking here is not 100% since the vulnerable code still would
be present in the source. Users though need to explicitly rebuilt the package
changing the upstream pro file to enable YT_USE_YTSIG. YT_USE_YTSIG is
disabled by default on upstream since 17.2.0

Search for package or bug name: Reporting problems