openSUSE-SU-2023:0374-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2023:0374-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/openSUSE-SU-2023:0374-1
- Related
- Published
- 2023-11-18T19:00:58Z
- Modified
- 2023-11-18T19:00:58Z
- Summary
- Security update for yt-dlp
- Details
-
This update for yt-dlp fixes the following issues:
Update to release 2023.11.14
- Security: [CVE-2023-46121] Patch Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
- Disallow smuggling of arbitrary http_headers; extractors now only use specific headers
Make yt-dlp require the one pythonXX-yt-dlp that /usr/bin/yt-dlp was built with.
Rework Python build procedure [boo#1216467]
Enable Python library [boo#1216467]
Update to release 2023.10.13
- youtube: fix some bug with --extractor-retries inf
Update to release 2023.10.07
- yt: Fix heatmap extraction
- yt: Raise a warning for Incomplete Data instead of an error
Update to release 2023.09.24
- Extract subtitles from SMIL manifests
- fb: Add dash manifest URL
- crunchyroll: Remove initial state extraction
- youtube: Add player_params extractor arg
remove suggests on brotlicffi - this is only for != cpython
Update to release 2023.07.06
- Prevent Cookie leaks on HTTP redirect [boo#1213124] [CVE-2023-35934]
- yt: Avoid false DRM detection
- yt: Process post_live over 2 hours
- yt: Support shorts-only playlists
Update to release 2023.06.22
- youtube: add IOS to default clients used
Update to release 2023.06.21
- Add option --compat-option playlist-match-filter
- Add options --no-quiet, option --color, --netrc-cmd, --xff
- Auto-select default format in -f-
- Improve HTTP redirect handling
- Support decoding multiple content encodings
Use python3.11 on Leap 15.5
- python3.11 is the only python3 > 3.6 version would be shipped in Leap 15.5
Update to release 2023.03.04
- A bunch of extractor fixes
Update to release 2023.03.03
- youtube: Construct dash formats with range query
- yt: Detect and break on looping comments
- yt: Extract channel view_count when /about tab is passed
Update to release 2023.02.17
- Merge youtube-dl: Upto commit/2dd6c6e (Feb 17 2023)
- Fix --concat-playlist
- Imply --no-progress when --print
- Improve default subtitle language selection
- Make title completely non-fatal
- Sanitize formats before sorting
- [hls] Allow extractors to provide AES key
- [extractor/generic] Avoid catastrophic backtracking in KVS regex
- [jsinterp] Support if statements
- [plugins] Fix zip search paths
- [utils] Don't use Content-length with encoding
- [utils] Fix time_seconds to use the provided TZ
- [utils] Fix race condition in make_dir
- [extractor/anchorfm] Add episode
- [extractor/boxcast] Add extractor
- [extractor/ebay] Add extractor
- [extractor/hypergryph] Add extractor
- [extractor/NZOnScreen] Add extractor
- [extractor/rozhlas] Add extractor
- [extractor/tempo] Add IVXPlayer extractor
- [extractor/txxx] Add extractors
- [extractor/vocaroo] Add extractor
- [extractor/wrestleuniverse] Add extractors
- [extractor/yappy] Add extractor
- [extractor/youtube] Fix uploader_id extraction
- [extractor/youtube] Add hyperpipe instances
- [extractor/youtube] Handle consent.youtube
- [extractor/youtube] Support /live/ URL
- [extractor/youtube] Update invidious and piped instances
- [extractor/91porn] Fix title and comment extraction
- [extractor/AbemaTV] Cache user token whenever appropriate
- [extractor/bfmtv] Support rmc prefix
- [extractor/biliintl] Add intro and ending chapters
- [extractor/clyp] Support wav
- [extractor/crunchyroll] Add intro chapter
- [extractor/crunchyroll] Better message for premium videos
- [extractor/crunchyroll] Fix incorrect premium-only error
- [extractor/DouyuTV] Use new API
- [extractor/embedly] Embedded links may be for other extractors
- [extractor/freesound] Workaround invalid URL in webpage
- [extractor/GoPlay] Use new API
- [extractor/Hidive] Fix subtitles and age-restriction
- [extractor/huya] Support HD streams
- [extractor/moviepilot] Fix extractor
- [extractor/nbc] Fix NBC and NBCStations extractors
- [extractor/nbc] Fix XML parsing
- [extractor/nebula] Remove broken cookie support
- [extractor/nfl] Add NFLPlus extractor
- [extractor/niconico] Add support for like history
- [extractor/nitter] Update instance list by OIRNOIR
- [extractor/npo] Fix extractor and add HD support
- [extractor/odkmedia] Add OnDemandChinaEpisodeIE
- [extractor/pornez] Handle relative URLs in iframe
- [extractor/radiko] Fix format sorting for Time Free
- [extractor/rcs] Fix extractors
- [extractor/reddit] Support user posts
- [extractor/rumble] Fix format sorting
- [extractor/servus] Rewrite extractor
- [extractor/slideslive] Fix slides and chapters/duration
- [extractor/SportDeutschland] Fix extractor
- [extractor/Stripchat] Fix extractor
- [extractor/tnaflix] Fix extractor
- [extractor/tvp] Support stream.tvp.pl
- [extractor/twitter] Fix --no-playlist and add media view_count when using GraphQL
- [extractor/twitter] Fix graphql extraction on some tweets
- [extractor/vimeo] Fix playerConfig extraction
- [extractor/viu] Add ViuOTTIndonesiaIE extractor
- [extractor/vk] Fix playlists for new API
- [extractor/vlive] Replace with VLiveWebArchiveIE
- [extractor/ximalaya] Update album VALIDURL
- [extractor/zdf] Use android API endpoint for UHD downloads
- [youtube] Improve description extraction
- [youtube] Prevent excess HTTP 301
- [bellmedia] Add support for cp24.com clip URLs
- References
Affected packages
SUSE:Package Hub 15 SP5 / yt-dlp
Package
- Name
- yt-dlp
- Purl
- pkg:rpm/suse/yt-dlp&distro=SUSE%20Package%20Hub%2015%20SP5