Thanks Balint!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1694249
Title:
CVE-2017-8314: malicious subtitle zip files vulnerability
To manage notifications about this bug go to:
This bug was fixed in the package kodi - 15.2+dfsg1-3ubuntu1.1
---
kodi (15.2+dfsg1-3ubuntu1.1) xenial-security; urgency=high
* Fix zip file directory traversal vulnerability (CVE-2017-8314)
(Closes: #863230, LP: #1694249)
* Add test for CVE-2017-8314 to autotools-based build
This bug was fixed in the package kodi - 2:17.1+dfsg1-1ubuntu0.1
---
kodi (2:17.1+dfsg1-1ubuntu0.1) zesty-security; urgency=high
* Fix zip file directory traversal vulnerability (CVE-2017-8314)
(Closes: #863230, LP: #1694249)
* Add test for CVE-2017-8314 to autotools-based
This bug was fixed in the package kodi - 16.1+dfsg1-2ubuntu0.1
---
kodi (16.1+dfsg1-2ubuntu0.1) yakkety-security; urgency=high
* Fix zip file directory traversal vulnerability (CVE-2017-8314)
(Closes: #863230, LP: #1694249)
* Add test for CVE-2017-8314 to autotools-based
Local builds of kodi on my machine made me curious:
- The deb comparison tool we use didn't show new symbols in the xenial version
even though they were shown in the yakkety and zesty versions
- The new symbols shown in the yakkety and zesty versions make me suspicious
that the packages are
Unsubscribing ubuntu-sponsors and subscribing ubuntu-security-sponsors,
as detailed here:
https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue#Notes_for_Contributors
** Changed in: kodi (Ubuntu)
Status: New => Confirmed
--
The attachment "zesty patch" seems to be a debdiff. The ubuntu-sponsors
team has been subscribed to the bug report so that they can review and
hopefully sponsor the debdiff. If the attachment isn't a patch, please
remove the "patch" flag from the attachment, remove the "patch" tag, and
if you
** Changed in: kodi (Debian)
Status: Unknown => Fix Released
--
I have verified the Xenial fix with the package in the ppa
(15.2+dfsg1-3ubuntu1.1), the Yakkety fix on jessie with the version
proposed for jessie-backports ( https://lists.debian.org/debian-backports/2017/05/msg00274.html
16.1+dfsg1-2~bpo8+2) and the Zesty fix
with Debian's 2:17.1+dfsg1-3.
--
** Patch added: "zesty patch"
https://bugs.launchpad.net/ubuntu/+source/kodi/+bug/1694249/+attachment/4885708/+files/kodi_2%3A17.1+dfsg1-1_2%3A17.1+dfsg1-1ubuntu0.1.diff.gz
--
I have uploaded the fixed packages to this PPA:
https://launchpad.net/~rbalint/+archive/ubuntu/kodi-sru
--
** Patch added: "yakkety patch"
https://bugs.launchpad.net/ubuntu/+source/kodi/+bug/1694249/+attachment/4885709/+files/kodi_16.1+dfsg1-2_16.1+dfsg1-2ubuntu0.1.diff.gz
--
** Patch added: "xenial patch"
https://bugs.launchpad.net/ubuntu/+source/kodi/+bug/1694249/+attachment/4885710/+files/kodi_15.2+dfsg1-3ubuntu1.1.patch
--
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8314