[core] Disallow unsafe extensions (CVE-2024-38519)

Ref: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j Authored by: Grub4K
author: Simon Sawicki <contact@grub4k.xyz> 2024-07-02 00:52:50 +0200
committer: Simon Sawicki <contact@grub4k.xyz> 2024-07-02 00:58:40 +0200
commit: 5ce582448ececb8d9c30c8c31f58330090ced03a (patch)
tree: 9efc5c03be85a599c570daed5759d81d7c2eda1d /devscripts
parent: 6aaf96a3d6e7d0d426e97e11a2fcf52fda00e733 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/devscripts/changelog_override.json b/devscripts/changelog_override.json
index f7209f3bd..ced38a0dd 100644
--- a/devscripts/changelog_override.json
+++ b/devscripts/changelog_override.json
@@ -175,5 +175,10 @@
         "when": "e6a22834df1776ec4e486526f6df2bf53cb7e06f",
         "short": "[ie/orf:on] Add `prefer_segments_playlist` extractor-arg (#10314)",
         "authors": ["seproDev"]
+    },
+    {
+        "action": "add",
+        "when": "6aaf96a3d6e7d0d426e97e11a2fcf52fda00e733",
+        "short": "[priority] Security: [[CVE-2024-10123](https://nvd.nist.gov/vuln/detail/CVE-2024-10123)] [Properly sanitize file-extension to prevent file system modification and RCE](https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j)\n    - Unsafe extensions are now blocked from being downloaded"
     }
 ]
author	Simon Sawicki <contact@grub4k.xyz>	2024-07-02 00:52:50 +0200
committer	Simon Sawicki <contact@grub4k.xyz>	2024-07-02 00:58:40 +0200
commit	5ce582448ececb8d9c30c8c31f58330090ced03a (patch)
tree	9efc5c03be85a599c570daed5759d81d7c2eda1d /devscripts
parent	6aaf96a3d6e7d0d426e97e11a2fcf52fda00e733 (diff)