See tracker bug 622380 URL for details.
media-tv/kodi-17.3 bundles an old UnRAR version in "xbmc-17.3-Krypton/lib/UnrarXLib" and is therefore suspected to be affected.
Reported upstream at https://github.com/notspiff/vfs.rar/issues/9 (which will be used in Kodi 18, which is not yet currently released) and on Kodi's IRC channel on freenode at #kodi-dev.
Reported upstream for Kodi 17.3 at https://trac.kodi.tv/ticket/17510
This issue has been resolved in -17.3-r1 so this issue can be resolved. With that said, imho -17.3-r1 should be marked stable because 17.3 is already stable and -r1 only adds this security fix.
Someone has to test... there could be a build error for example. Or did you test on amd64 and x86? Then we could do a maintainer stabilization...
please test and mark stable: =media-tv/kodi-17.3-r1
Stable on alpha.
(In reply to Tobias Klausmann from comment #6)
> Stable on alpha.
Bullshit. Amd64 stable.
media-tv/kodi-17.3-r1 is still not keyworded x86 stable - can we please do something about that so this issue can be closed? :)
I run into a test failure (bug 628232) while trying to stabilize =media-tv/kodi-17.3-r1 on x86. Please tell me how to proceed.
x86 marked stable, ignoring bug 629320 for the moment which isn't a regression and nothing which should block a B2.
@ Maintainer(s): Please cleanup and drop =media-tv/kodi-17.3!
New GLSA request filed.
This issue was resolved and addressed in
GLSA 201710-21 at https://security.gentoo.org/glsa/201710-21
by GLSA coordinator Aaron Bauman (b-man).
re-opened for cleanup.
Tree is clean.