Opened 15 months ago

Closed 9 months ago

#67771 closed update (fixed)

stellarium: Update to 23.2

Reported by: luzpaz Owned by: michaelld (Michael Dickens)
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc:
Port: stellarium

Description

Please update to v23.2 (https://github.com/Stellarium/stellarium/releases/tag/v23.2)

https://ports.macports.org/port/stellarium/details/

Change History (3)

comment:1 Changed 15 months ago by ryandesign (Ryan Carsten Schmidt)

Owner: set to michaelld
Port: stellarium added; stelllarium removed
Priority: LowNormal
Status: newassigned
Summary: Updated stellarium to v23.2stellarium: Update to 23.2
Type: requestupdate

comment:2 Changed 12 months ago by contextnerror

Can this get the security keyword? 23.1 and up fixes CVE-2023-28371.

From github:

PLEASE UPDATE!

This issue mitigates a potential security issue (reported as CVE-2023-28371), where scripts were allowed to write output text and screenshots to other places on users' systems apart from the Stellarium user data directory or configured screenshot directory. Running unknown scripts (which is a Bad Idea(tm) to begin with) could have exploited that by attackers (script authors) writing even command files to vulnerable places. We have not received a report where this would have caused a problem.

comment:3 Changed 9 months ago by herbygillot (Herby Gillot)

Resolution: fixed
Status: assignedclosed

In 0f43de64f17b4fa4d9e7de40ef4cda4899e2e2ff/macports-ports (master):

stellarium: update to 23.4

Fixes: #67771

Note: See TracTickets for help on using tickets.