[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1031048: marked as done (kodi: CVE-2023-23082)

Your message dated Tue, 14 Feb 2023 18:04:52 +0000
with message-id <E1pRzfg-005MAs-7f@fasolo.debian.org>
and subject line Bug#1031048: fixed in kodi 2:20.0+dfsg-2
has caused the Debian Bug report #1031048,
regarding kodi: CVE-2023-23082
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1031048: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031048
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: kodi
Version: 2:20.0+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/xbmc/xbmc/issues/22377
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for kodi.

CVE-2023-23082[0]:
| A heap buffer overflow vulnerability in Kodi Home Theater Software up
| to 19.5 allows attackers to cause a denial of service due to an
| improper length of the value passed to the offset argument.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-23082
    https://www.cve.org/CVERecord?id=CVE-2023-23082
[1] https://github.com/xbmc/xbmc/issues/22377
[2] https://github.com/xbmc/xbmc/commit/00fec1dbdd1df827872c7b55ad93059636dfc076
[3] https://github.com/xbmc/xbmc/commit/7e5f9fbf9aaa3540aab35e7504036855b23dcf60

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: kodi
Source-Version: 2:20.0+dfsg-2
Done: Vasyl Gello <vasek.gello@gmail.com>

We believe that the bug you reported is fixed in the latest version of
kodi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1031048@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vasyl Gello <vasek.gello@gmail.com> (supplier of updated kodi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 13 Feb 2023 10:43:13 +0000
Source: kodi
Architecture: source
Version: 2:20.0+dfsg-2
Distribution: unstable
Urgency: high
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Vasyl Gello <vasek.gello@gmail.com>
Closes: 1031048
Changes:
 kodi (2:20.0+dfsg-2) unstable; urgency=high
 .
   * s/gbp.conf: Switch to versioned upstream branches
   * Fix CVE-2023-23082 (Closes: #1031048)
Checksums-Sha1:
 7dd6967c87fef20b299d4224ff2d5520e79c8519 5889 kodi_20.0+dfsg-2.dsc
 9932d8071b621206b2dddd4bdde703f10fcfb824 2597952 kodi_20.0+dfsg-2.debian.tar.xz
 9cf3b857f73f3fea126bbf517f1ff1de7e3e83e8 12892 kodi_20.0+dfsg-2_source.buildinfo
Checksums-Sha256:
 5e7a259731f5f3179c675ae8f2795ab0e982963e38c2389ce595e65fdf0cb6f8 5889 kodi_20.0+dfsg-2.dsc
 8f28ca4ae0ae58aed809184f021aa7ae3995de0980198a92f920fd3924c8183e 2597952 kodi_20.0+dfsg-2.debian.tar.xz
 915f69bc2d63dccb551ff6fb2d7096b9224b8551a63411be04f0982831a75e02 12892 kodi_20.0+dfsg-2_source.buildinfo
Files:
 0700d390018374cbb978546e3cff3f3e 5889 video optional kodi_20.0+dfsg-2.dsc
 5b235a5b274d0046d0f2ed2c5537db11 2597952 video optional kodi_20.0+dfsg-2.debian.tar.xz
 4ae15458971304a92ca5931ef5a552cf 12892 video optional kodi_20.0+dfsg-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAmPrymIACgkQCBa54Yx2
K62lZA/9EjikbW638BRr9+eX7EamuodH95G9AeLX2+9xZ4LB48rROSMja008ImH3
k3vHsDbrfgucIn639PLEYlrj9nSXZO1RSw4pXICPnZox1BJc2L9e3YXOuHA2C6aW
p0vn+LlX6oSvDGkyM3VDoLXAv5BuzULiIUZaeEjxMEFlGe5+LFuwvsPMrZQxFxHf
QPWDMSr1KBe+xdZa9QYfE8y7xOU3usMTDaEhB0Qs8eT8QFVHDg3gtyB0zMg12fgC
ydZ7vunqt+9AdI60mqcdSzogO6mvuBucoViFiscBSxpUwarD49l5+PWl01zwTjnD
++x9nnm3QdMXy9uC6uRqXGSIVCukBy3+esz01SCsZL5IZsO28CUsQPqVhSCIJ4JS
/zeBcZXgX/FO2pq20lWW+NvYhbjE3z9DAHi8D1pQUfD4NLcR4uEJKHC0U2bRvwOo
JmdJrAfM9QeIeCFpJGfPw4Pti2/UgXpIwMVMWE95UxK1tRjd7EncPM6zeibvMqaE
I3YxsLpIGXZWFHyqodmZ8z/KXuAZpQo6mBjIohiItEyFW5ZcTNhJBBTfCg0MX9fA
UqvaslG25rY51P0BPBt0grV6Tve5IOLnaztUlwWoTl+1jUNx30tCOvVVSFviFjXF
beTkCogdFckoF6RIlnLq0EwWNejUF5jP/9T0kfowQB1G2XW+Tf0=
=VlOG
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: