CVE-2023-28371:

In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal.

https://github.com/Stellarium/stellarium/commit/1261f74dc4aa6bbd01ab514343424097f8cf46b7
https://github.com/Stellarium/stellarium/commit/eba61df3b38605befcb43687a4c0a159dbc0c5cb
https://github.com/Stellarium/stellarium/commit/787a894897b7872ae96e6f5804a182210edd5c78

Patches in 23.1, please stabilize.
Please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30c84c89688d99c19e95672a24572fa4af864675

commit 30c84c89688d99c19e95672a24572fa4af864675
Author: Alexey Sokolov <alexey+gentoo@asokolov.org>
AuthorDate: 2023-05-23 18:33:19 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2023-05-25 02:53:27 +0000

    sci-astronomy/stellarium: drop 1.2

    Bug: https://bugs.gentoo.org/905300
    Signed-off-by: Alexey Sokolov <alexey+gentoo@asokolov.org>
    Closes: https://github.com/gentoo/gentoo/pull/31147
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 sci-astronomy/stellarium/Manifest | 6 -
 sci-astronomy/stellarium/stellarium-1.2.ebuild | 192 -------------------------
 2 files changed, 198 deletions(-)