Bug 20990 - xbmc new security issue CVE-2017-8314
Summary: xbmc new security issue CVE-2017-8314
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Anssi Hannula
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-30 14:42 CEST by David Walser
Modified: 2017-12-27 05:05 CET (History)
0 users

See Also:
Source RPM: xbmc-13.0-1.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2017-05-30 14:42:03 CEST 
A CVE has been assigned for a flaw processing subtitles in Kodi (aka xbmc):
https://bugs.launchpad.net/ubuntu/+source/kodi/+bug/1694249
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863230

The above bug reports have details on reproducing the issue and the upstream fix.

We can use that information to determine whether our old xbmc is affected and for fixing it, if necessary.
Comment 1 David Walser 2017-05-30 14:42:54 CEST 
The upstream Kodi announcement mentions the issue too:
https://kodi.tv/article/kodi-v173-minor-bug-fix-and-security-release

We have already updated to Kodi 17.3 in Cauldron.
Comment 2 David Walser 2017-05-30 14:45:59 CEST 
Also, IIRC, xbmc in Mageia 5 bundles ffmpeg, so we may need some updating for that reason as well.  Kodi can build against the system one (and it does in Cauldron), but it may not build against the version in Mageia 5.
Comment 3 David Walser 2017-12-27 05:05:56 CET 
Hopefully someone will keep this package up to date in the future.

Resolution: (none) => OLD
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.