On Mon, 29 May 2017, Bálint Réczey wrote: > Dear Backports Team, > > Kodi recently fixed an important security issue in 17.3 and I would > like to ask for permission > to update backports' 16.1 version with only a targeted fix instead of > pulling in 17.x. > > Changes: > kodi (16.1+dfsg1-2~bpo8+2) jessie-backports; urgency=medium > . > * Fix zip file directory traversal vulnerability (CVE-2017-8314) > (Closes: #863230) > * Add test for CVE-2017-8314 to autotools-based build > > I'm open to updating kodi to 17.x, too, in backports later, but it > includes updating many reverse > dependencies and may add regressions from 16.1 which is why I have not > updated the packages > yet. I am fine with it if it is a one time update. The goal should be to get 17.x as soon as possible. I know kodi and its dependencies and I perfectly understand it may take some time to get all into backports. So please go ahead with the security update. Alex
Attachment:
signature.asc
Description: PGP signature