Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: t...@security.debian.org

The sabnzbdplus package has a security vulnerability, allowing a
directory escape in the renamer() function through malicious par2 files.

An attacker can create new files anywhere the privileges of the
sabnzbdplus process permit, but not overwrite or delete existing files.
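The defensive check that closes this class of bug, as an added illustration (not SABnzbd's own renamer() code and not the upstream fix): every file name taken from untrusted input, such as a par2 file, must be resolved against the job directory and rejected if the resulting path lands outside it. The function names, the job directory and the sample names below are constructed for the example.

```python
import os


class UnsafeRenameTarget(ValueError):
    """Raised when a requested file name would resolve outside the job directory."""


def resolve_rename_target(job_dir: str, requested_name: str) -> str:
    """Return the absolute path that requested_name denotes inside job_dir.

    Hypothetical helper, not SABnzbd's renamer(). Raises UnsafeRenameTarget when
    the name (possibly containing '..' components, an absolute path, or a symlink
    that already exists on disk) would escape job_dir. Names that stay inside a
    subdirectory of the job are allowed; that is a policy choice for this example.
    """
    base = os.path.realpath(job_dir)
    # os.path.join throws away `base` when requested_name is absolute, so an
    # absolute name resolves outside base and is rejected by the prefix check.
    candidate = os.path.realpath(os.path.join(base, requested_name))
    # Compare with a trailing separator so that a sibling directory whose name
    # merely starts with the job directory's name ("job10" vs "job1") is rejected.
    if candidate == base or not candidate.startswith(base + os.sep):
        raise UnsafeRenameTarget(
            f"refusing to write {requested_name!r}: resolves to {candidate!r}, "
            f"which is outside {base!r}"
        )
    return candidate


def is_safe_rename(job_dir: str, requested_name: str) -> bool:
    """Boolean wrapper around resolve_rename_target for bulk checks."""
    try:
        resolve_rename_target(job_dir, requested_name)
        return True
    except UnsafeRenameTarget:
        return False


if __name__ == "__main__":
    # Constructed sample: the names a renamer might read from a par2 file.
    job = "/tmp/sab/job1"
    for name in ["movie.part01.rar", "sub/part.bin", "../outside.txt",
                 "/abs/outside.txt", "../job1/ok.txt", ""]:
        verdict = "ok     " if is_safe_rename(job, name) else "REJECT "
        print(verdict, repr(name))
```

Because both the job directory and the candidate go through os.path.realpath, symlinks that already exist under the job directory are followed before the comparison, so a link pointing outside the job is rejected just like a literal `..` component.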

The attached debdiff fixes the problem by backporting the upstream fix.
Tested in buster by downloading a proof-of-concept job designed to
trigger the bug.

Upstream advisory:
https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp
Upstream fix:
https://github.com/sabnzbd/sabnzbd/commit/3766ba54026eaa520dbee5b57a2f33d4954fb98b
Security tracker (low severity/no-dsa):
https://security-tracker.debian.org/tracker/CVE-2021-29488

Attachment: sabnzbdplus_2.3.6+dfsg-1+deb10u2.debdiff
Description: Binary data
