CVE-2021-29488: SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround, limit downloads to NZBs without PAR2 files, deny write permissions to the SABnzbd process outside areas it must access to perform its job, or update to a fixed version.

Fix is in 3.2.1, please bump.
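The class of check that keeps a rename driven by untrusted file names inside the download folder, as an added example: this is not SABnzbd's patch or code from this bug, and `resolve_inside`, `contained_rename` and the sample names are hypothetical.

```python
import os
import tempfile

class UnsafeRenameError(Exception):
    """The requested name resolves outside the download folder."""

def resolve_inside(base_dir, untrusted_name):
    """Return the absolute path for untrusted_name, or raise if it leaves base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows existing symlinks; an absolute name replaces base.
    target = os.path.realpath(os.path.join(base, untrusted_name))
    # commonpath compares whole components, so "/dl" is not a prefix of "/dl-evil".
    if target == base or os.path.commonpath([base, target]) != base:
        raise UnsafeRenameError(f"{untrusted_name!r} resolves outside {base}")
    return target

def contained_rename(base_dir, current_name, untrusted_name):
    """Hypothetical renamer: source and destination must both stay in base_dir."""
    src = resolve_inside(base_dir, current_name)
    dst = resolve_inside(base_dir, untrusted_name)
    os.makedirs(os.path.dirname(dst), exist_ok=True)
    os.rename(src, dst)
    return dst

def demo():
    """Feed constructed names (as if read from a PAR2 file) through the renamer."""
    outcome = {}
    with tempfile.TemporaryDirectory() as root:
        download = os.path.join(root, "downloads")
        os.makedirs(download)
        samples = {  # constructed sample input, not taken from a real PAR2 file
            "plain": "episode.mkv",
            "subdir": "sub/episode.nfo",
            "dotdot": "../outside.txt",
            "nested_dotdot": "a/../../outside.txt",
            "absolute": os.path.join(root, "outside.txt"),
        }
        for label, name in samples.items():
            scratch = f"obfuscated_{label}.bin"
            with open(os.path.join(download, scratch), "wb") as fh:
                fh.write(b"data")
            try:
                contained_rename(download, scratch, name)
                outcome[label] = "renamed"
            except UnsafeRenameError:
                outcome[label] = "refused"
        outcome["escaped"] = os.path.exists(os.path.join(root, "outside.txt"))
    return outcome
```

The check only reflects symlinks present when it runs, so denying the process write permission outside the areas it needs, as the workaround above says, still matters alongside it.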
Package list is empty or all packages have requested keywords.
commit 58c900dfcec55396d2818b36d7724db65f669068
Author: Thomas Deutschmann <whissi@gentoo.org>
Date:   Thu Apr 1 00:18:49 2021 +0200

    net-nntp/sabnzbd: bump to v3.2.1

    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Vulnerable packages are no longer in portage, can this be marked resolved?
Sure. No GLSA, all done.