Bug 905103 (CVE-2023-23082) - <media-tv/kodi-21.0: denial of service via heap buffer overflow
Summary: <media-tv/kodi-21.0: denial of service via heap buffer overflow
Status: CONFIRMED
Alias: CVE-2023-23082
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/xbmc/xbmc/issues/2...
Whiteboard: B3 [glsa?]
Keywords:
Depends on: 932996
Blocks:
Reported: 2023-04-26 03:59 UTC by John Helmert III
Modified: 2024-09-16 05:46 UTC

Runtime testing required: ---
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-26 03:59:55 UTC
CVE-2023-23082:

A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.

I guess this has not been backported to 19.x?

https://github.com/xbmc/xbmc/commit/8c2aafb6d4987833803e037c923aaf83f9ff41e1
https://github.com/xbmc/xbmc/pull/22380
Comment 1 Larry the Git Cow gentoo-dev 2024-09-14 20:12:04 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4aae5251ec3c8d40d17390a3261dfb1939c7bd75

commit 4aae5251ec3c8d40d17390a3261dfb1939c7bd75
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2024-09-14 10:46:17 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2024-09-14 20:11:48 +0000

    media-tv/kodi: drop 19.5-r2, 20.5-r1, de-stabilising x86
    
    19*: still no python3_12, broken against current stable toolchain
    x86: tests are failing w/ 32-bit, we've waited long enough.
    
    Bug: https://bugs.gentoo.org/779184
    Bug: https://bugs.gentoo.org/905103
    Bug: https://bugs.gentoo.org/932996
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-tv/kodi/Manifest                             |   7 -
 media-tv/kodi/files/kodi-19.4-atomic.patch         | 108 -----
 media-tv/kodi/files/kodi-19.4-dav1d-1.0.0.patch    |  94 ----
 .../files/kodi-19.4-fix-mesa-22.3.0-build.patch    |  12 -
 media-tv/kodi/files/kodi-19.5-flatbuffers.patch    |  35 --
 media-tv/kodi/files/kodi-19.5-gcc-13.patch         |  70 ---
 media-tv/kodi/files/kodi-20.2-binutils-2.41.patch  | 103 -----
 media-tv/kodi/files/kodi-20.3-gcc-14.patch         |  72 ----
 media-tv/kodi/kodi-19.5-r2.ebuild                  | 382 ----------------
 media-tv/kodi/kodi-20.5-r1.ebuild                  | 479 ---------------------
 10 files changed, 1362 deletions(-)
Comment 2 Andreas Sturmlechner gentoo-dev 2024-09-14 20:23:19 UTC
Only >=21.0 remains in ::gentoo.