Summary: | <media-tv/kodi-17.3-r1: Vulnerable to VMSF_DELTA Filter Signedness Error through embedded UnRAR version | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | candrews, esigra, whissi |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa+] | ||
Package list: |
media-tv/kodi-17.3-r1
|
Runtime testing required: | --- |
Bug Depends on: | 628232 | ||
Bug Blocks: | 251464, 622380 |
Description
Thomas Deutschmann (RETIRED)
2017-06-21 12:10:51 UTC
Reported upstream at https://github.com/notspiff/vfs.rar/issues/9 (which will be used in Kodi 18, which is not yet currently released) and on Kodi's IRC channel on freenode at #kodi-dev. Reported upstream for Kodi 17.3 at https://trac.kodi.tv/ticket/17510 This issue has been resolved in -17.3-r1 so this issue can be resolved. With that said, imho -17.3-r1 should be marked stable because 17.3 is already stable and -r1 only adds this security fix. Someone has to test... there could be a build error for example. Or did you test on amd64 and x86? Then we could do a maintainer stabilization... @ Arches, please test and mark stable: =media-tv/kodi-17.3-r1 Stable on alpha. (In reply to Tobias Klausmann from comment #6) > Stable on alpha. Bullshit. Amd64 stable. media-tv/kodi-17.3-r1 is still not keyworded x86 stable - can we please do something about that so this issue can be closed? :) I run into a test failure (bug 628232) while trying to stabilize =media-tv/kodi-17.3-r1 on x86. Please tell me how to proceed. x86 marked stable, ignoring bug 629320 for the moment which isn't a regression and nothing which should block a B2. @ Maintainer(s): Please cleanup and drop =media-tv/kodi-17.3! New GLSA request filed. This issue was resolved and addressed in GLSA 201710-21 at https://security.gentoo.org/glsa/201710-21 by GLSA coordinator Aaron Bauman (b-man). re-opened for cleanup. Tree is clean. |