Bug#877656: kodi: supports insecure download of non-free addons

2017-10-04 Thread Jonas Smedegaard
Quoting IOhannes m zmölnig (2017-10-04 09:31:09) > On Wed, 04 Oct 2017 03:08:17 +0200 Jonas Smedegaard wrote: > > Quoting Felipe Sateler (2017-10-04 00:32:21) > > > > > > I think your patch mainly addresses issue number 2, doesn't it? Fixing > > > issue 1 would require asking

Bug#877656: kodi: supports insecure download of non-free addons

2017-10-04 Thread IOhannes m zmölnig
On Wed, 04 Oct 2017 03:08:17 +0200 Jonas Smedegaard wrote: > Quoting Felipe Sateler (2017-10-04 00:32:21) > > > > I think your patch mainly addresses issue number 2, doesn't it? Fixing > > issue 1 would require asking upstream to provide > >

Bug#877656: kodi: supports insecure download of non-free addons

2017-10-03 Thread Jonas Smedegaard
Quoting Felipe Sateler (2017-10-04 00:32:21) > On Tue, Oct 3, 2017 at 7:04 PM, Jonas Smedegaard wrote: >> Quoting Felipe Sateler (2017-10-03 23:32:24) >>> On Tue, Oct 3, 2017 at 5:49 PM, Jonas Smedegaard wrote: Kodi supports downloading and loading addons at

Bug#877656: kodi: supports insecure download of non-free addons

2017-10-03 Thread Felipe Sateler
On Tue, Oct 3, 2017 at 7:04 PM, Jonas Smedegaard wrote: > Quoting Felipe Sateler (2017-10-03 23:32:24) >> On Tue, Oct 3, 2017 at 5:49 PM, Jonas Smedegaard wrote: >> > Package: kodi >> > Version: 2:17.3+dfsg1-2 >> > Severity: grave >> >> This severity feels a bit

Bug#877656: kodi: supports insecure download of non-free addons

2017-10-03 Thread Jonas Smedegaard
Quoting Felipe Sateler (2017-10-03 23:32:24) > On Tue, Oct 3, 2017 at 5:49 PM, Jonas Smedegaard wrote: > > Package: kodi > > Version: 2:17.3+dfsg1-2 > > Severity: grave > > This severity feels a bit inflated. After all, you can download and > run non-free programs using a web

Bug#877656: kodi: supports insecure download of non-free addons

2017-10-03 Thread Felipe Sateler
On Tue, Oct 3, 2017 at 5:49 PM, Jonas Smedegaard wrote: > Package: kodi > Version: 2:17.3+dfsg1-2 > Severity: grave This severity feels a bit inflated. After all, you can download and run non-free programs using a web browser too! > Tags: security upstream patch > Justification:

Bug#877656: kodi: supports insecure download of non-free addons

2017-10-03 Thread Jonas Smedegaard
Package: kodi Version: 2:17.3+dfsg1-2 Severity: grave Tags: security upstream patch Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Kodi supports downloading and loading addons at runtime. Official addon feed is served only via http and contain non-free addons.