Just confirmed (after a reasonable amount of time) that XMBC in wheezy
is vulnerable to CVE-2017-5982 although the exploit is different.
When XBMC is run as root (yes, probably bad idea, this is a VM for
Downloads - guess what?
This was marked as "unreproducible" for 2:12.3+dfsg1-3ubuntu1 in
dla-needed.txt, however I have a suspicion that is incorrect.
However the information for CVE-2017-5982 is for /image not /vfs
Brian May <email@example.com>