CVE-2023-28371: In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal.
https://github.com/Stellarium/stellarium/commit/1261f74dc4aa6bbd01ab514343424097f8cf46b7
https://github.com/Stellarium/stellarium/commit/eba61df3b38605befcb43687a4c0a159dbc0c5cb
https://github.com/Stellarium/stellarium/commit/787a894897b7872ae96e6f5804a182210edd5c78
Patches in 23.1, please stabilize.
Please cleanup.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30c84c89688d99c19e95672a24572fa4af864675
commit 30c84c89688d99c19e95672a24572fa4af864675
Author: Alexey Sokolov <alexey+gentoo@asokolov.org>
AuthorDate: 2023-05-23 18:33:19 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2023-05-25 02:53:27 +0000
    sci-astronomy/stellarium: drop 1.2
    Bug: https://bugs.gentoo.org/905300
    Signed-off-by: Alexey Sokolov <alexey+gentoo@asokolov.org>
    Closes: https://github.com/gentoo/gentoo/pull/31147
    Signed-off-by: John Helmert III <ajak@gentoo.org>
 sci-astronomy/stellarium/Manifest | 6 -
 sci-astronomy/stellarium/stellarium-1.2.ebuild | 192 -------------------------
 2 files changed, 198 deletions(-)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/data/glsa.git/commit/?id=a8f97908f4480a9712a58f19cfe3dc3ebda24e3f
commit a8f97908f4480a9712a58f19cfe3dc3ebda24e3f
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-07-05 17:31:39 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-07-05 17:32:03 +0000
    [ GLSA 202407-18 ] Stellarium: Arbitrary File Write
    Bug: https://bugs.gentoo.org/905300
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>
 glsa-202407-18.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)