On Fri, Oct 20, 2023 at 11:19:01AM -0400, D. Hugh Redelmeier via talk wrote:
TL;DR: update libcue to a version released after October 10.
I read this last night: <https://arstechnica.com/information-technology/2023/10/one-click-remote-code-exploit-in-cd-cue-files-affects-most-gnome-based-linux-distros/> <https://nvd.nist.gov/vuln/detail/CVE-2023-43641>
[snip]
You can update your system to get a fixed libcue. The fix is in version 2.3.0.
Fedora 37 and 38 have fixes in version 2.2.1-13. I checked this by using "rpm -q --changelog libcue | less".
Fixed in Debian 11 and 12 (bullseye and bookworm, respectively) by debian package versions 2.2.1-3+deb11u1 (for bullseye) and 2.2.1-4+deb12u1 (for bookworm) on 11 October. $ sudo apt update && sudo apt upgrade -- joeDoe