Control: tags -1 + confirmed

On Thu, 2021-08-26 at 17:38 +0200, Jeroen Ploemen wrote:
> The sabnzbdplus package has a security vulnerability, allowing a
> directory escape in the renamer() function through malicious par2
> files.
>
> An attacker can create new files anywhere the privileges of the
> sabnzbdplus process permit, but not overwrite or delete existing
> files.
>
> The attached debdiff fixes the problem by backporting the upstream
> fix.
> Tested in buster by downloading a proof-of-concept job designed to
> trigger the bug.
>

Please go ahead.

Regards,

Adam

