"I have just released 2.0.47. It fixes an issue that could allow a specially crafted .apkg file to write files outside the media folder during import. AnkiWeb shared decks were not affected, but upgrading is strongly recommended if you import .apkg files from third party sources. A big thanks to David Bailey for discovering this issue." [1] [1]: https://anki.tenderapp.com/discussions/announcements/122-security-issue-in-apkg-imports-from-third-party-sources-on-anki-2047
Done.
Silly me, don't close bugs with security@ in CC
Thank you Patrick, could you please confirm if prior versions are affected? If that's the case please call for stabilization or let us know. Gentoo Security Padawan ChrisADR
this outdated version was removed from the tree some time ago. it appears now that this report is obsolete, so the ticket can be closed.
Affected ebuilds were removed via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c256849563d19e023385ef4cf9f55a550815359a Stable version removed via bug 639354. GLSA Vote: No. Repository is clean, all done.