Gentoo Linux Security Advisory 201805-5 - A vulnerability has been found in mpv that may allow a remote attacker to execute arbitrary code. Versions less than 0.27.2 are affected.
46484a5bc92b34c3b5b38b18e2399e1fec7c68dd874839bbca59610214d2b1d9
Debian Linux Security Advisory 4105-2 - A regression was detected in the previously issued fix for CVE-2018-6360. The patch released with DSA 4105-1 broke the feature of invoking mpv with raw YouTube ids. This update fixes this functionality issue.
e149e9c257505c1e884d8289d5b40537f299c12305def2f628b19cc3e5834d61
Debian Linux Security Advisory 4105-1 - It was discovered that mpv, a media player, was vulnerable to remote code execution attacks. An attacker could craft a malicious web page that, when used as an argument in mpv, could execute arbitrary code in the host of the mpv user.
9d62b2442745a4c9c4bd227c62bd0a6d2955e0b06fe5fa74c04517dcf75ea546