Bug#1040593: kodi: CVE-2023-30207

To: submit@bugs.debian.org
Subject: Bug#1040593: kodi: CVE-2023-30207
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Fri, 7 Jul 2023 20:57:26 +0200
Message-id: <[🔎] ZKhgFveQ2BUhfwCD@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 1040593@bugs.debian.org

Source: kodi
X-Debbugs-CC: team@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerability was published for kodi.

CVE-2023-30207[0]:
| A divide by zero issue discovered in Kodi Home Theater Software 19.5
| and earlier allows attackers to cause a denial of service via use of
| crafted mp3 file.

https://github.com/xbmc/xbmc/issues/22378
https://github.com/xbmc/xbmc/pull/22391
https://github.com/xbmc/xbmc/commit/dbc00c500f4c4830049cc040a61c439c580eea73

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-30207
    https://www.cve.org/CVERecord?id=CVE-2023-30207

Please adjust the affected versions in the BTS as needed.

Reply to:

Follow-Ups:
- Bug#1040593: kodi: CVE-2023-30207
  - From: Vasyl Gello <vasek.gello@gmail.com>
- Processed: Re: Bug#1040593: kodi: CVE-2023-30207
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Re: packaging fdk-aac-free
Next by Date: Bug#1040593: kodi: CVE-2023-30207
Previous by thread: fluster_1.0.1+git20230606.0c9a7db-1_source.changes ACCEPTED into unstable
Next by thread: Bug#1040593: kodi: CVE-2023-30207
Index(es):
- Date
- Thread