Bug 20990

Summary: xbmc new security issue CVE-2017-8314
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Anssi Hannula <anssi.hannula>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: major    
Priority: Normal    
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: xbmc-13.0-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2017-05-30 14:42:03 CEST 
A CVE has been assigned for a flaw processing subtitles in Kodi (aka xbmc):
https://bugs.launchpad.net/ubuntu/+source/kodi/+bug/1694249
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863230

The above bug reports have details on reproducing the issue and the upstream fix.

We can use that information to determine whether our old xbmc is affected and for fixing it, if necessary.
Comment 1 David Walser 2017-05-30 14:42:54 CEST 
The upstream Kodi announcement mentions the issue too:
https://kodi.tv/article/kodi-v173-minor-bug-fix-and-security-release

We have already updated to Kodi 17.3 in Cauldron.
Comment 2 David Walser 2017-05-30 14:45:59 CEST 
Also, IIRC, xbmc in Mageia 5 bundles ffmpeg, so we may need some updating for that reason as well.  Kodi can build against the system one (and it does in Cauldron), but it may not build against the version in Mageia 5.
Comment 3 David Walser 2017-12-27 05:05:56 CET 
Hopefully someone will keep this package up to date in the future.

Resolution: (none) => OLD
Status: NEW => RESOLVED