Bug 905300 (CVE-2023-28371) - <sci-astronomy/stellarium-23.1: arbitrary file write vulnerability
Summary: <sci-astronomy/stellarium-23.1: arbitrary file write vulnerability
Alias: CVE-2023-28371
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa?]
Keywords: PullRequest
Depends on: 905303
Reported: 2023-04-29 17:06 UTC by John Helmert III
Modified: 2023-05-25 02:54 UTC

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-29 17:06:16 UTC

In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal.

Patches in 23.1, please stabilize.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-23 04:27:39 UTC
Please clean up.
Comment 2 Larry the Git Cow gentoo-dev 2023-05-25 02:53:41 UTC
The bug has been referenced in the following commit(s):

commit 30c84c89688d99c19e95672a24572fa4af864675
Author:     Alexey Sokolov <>
AuthorDate: 2023-05-23 18:33:19 +0000
Commit:     John Helmert III <>
CommitDate: 2023-05-25 02:53:27 +0000

    sci-astronomy/stellarium: drop 1.2
    Signed-off-by: Alexey Sokolov <>
    Signed-off-by: John Helmert III <>

 sci-astronomy/stellarium/Manifest              |   6 -
 sci-astronomy/stellarium/stellarium-1.2.ebuild | 192 -------------------------
 2 files changed, 198 deletions(-)