[MacPorts] #67771: stellarium: Update to 23.2
MacPorts
noreply at macports.org
Thu Oct 5 10:04:54 UTC 2023
#67771: stellarium: Update to 23.2
-------------------------+-----------------------
Reporter: luzpaz | Owner: michaelld
Type: update | Status: assigned
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords:
Port: stellarium |
-------------------------+-----------------------
Comment (by contextnerror):
Can this get the security keyword? 23.1 and up fixes
[https://github.com/advisories/GHSA-7vmm-m8vp-g5h3 CVE-2023-28371].
From github:
'''PLEASE UPDATE! '''
This issue mitigates a potential security issue (reported as
CVE-2023-28371), where scripts were allowed to write output text and
screenshots to other places on users' systems apart from the Stellarium
user data directory or configured screenshot directory. Running unknown
scripts (which is a Bad Idea(tm) to begin with) could have exploited that
by attackers (script authors) writing even command files to vulnerable
places. We have not received a report where this would have caused a
problem.
--
Ticket URL: <https://trac.macports.org/ticket/67771#comment:2>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list