Debian Package Tracker

general

source: kodi (main)
version: 2:17.6+dfsg1-4
maintainer: Debian Multimedia Maintainers (archive) [DMD]
uploaders: Jonas Smedegaard [DMD] – Balint Reczey [DMD]
arch: all any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-bpo: 16.1+dfsg1-2~bpo8+2
stable: 2:17.1+dfsg1-3
testing: 2:17.6+dfsg1-4
unstable: 2:17.6+dfsg1-4

versioned links

16.1+dfsg1-2~bpo8+2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:17.1+dfsg1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:17.6+dfsg1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:17.6+dfsg1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

kodi
kodi-addons-dev
kodi-bin
kodi-data
kodi-eventclients-common
kodi-eventclients-dev
kodi-eventclients-kodi-send
kodi-eventclients-ps3
kodi-eventclients-wiiremote
kodi-repository-kodi

action needed

A new upstream version is available: 18.0~rc5.2 high

A new upstream version 18.0~rc5.2 is available, you should consider packaging it.

Created: 2018-08-23 Last update: 2019-01-16 08:36

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 3.9.8).

Created: 2017-06-29 Last update: 2018-12-23 17:15

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2017-5982: Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.
CVE-2018-8831: A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.

Please fix them.

Created: 2015-07-13 Last update: 2018-11-22 11:25

2 security issues in buster high

There are 2 open security issues in buster.

2 important issues:

CVE-2017-5982: Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.
CVE-2018-8831: A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.

Please fix them.

Created: 2018-11-22 Last update: 2018-11-22 11:25

lintian reports 10 warnings high

Lintian reports 10 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-09-22 Last update: 2018-11-19 02:14

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2018-10-01 Last update: 2019-01-16 08:54

Depends on packages which need a new maintainer normal

The packages that kodi depends on which need a new maintainer are:

cwiid (#810992)
- Depends: libcwiid1
- Build-Depends: libcwiid-dev
libcdio (#881719)
- Depends: libcdio18
- Build-Depends: libcdio-dev libiso9660-dev
giflib (#834410)
- Depends: libgif7
- Build-Depends: libgif-dev

Created: 2017-12-02 Last update: 2019-01-16 08:43

Multiarch hinter reports 5 issue(s) normal

There are issues with the multiarch metadata for this package.

kodi-eventclients-kodi-send could be marked Multi-Arch: foreign
kodi-repository-kodi could be marked Multi-Arch: foreign
xbmc-eventclients-common could be marked Multi-Arch: foreign
xbmc-eventclients-dev could be marked Multi-Arch: foreign
xbmc-eventclients-ps3 could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2019-01-16 03:32

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2018-11-22 Last update: 2019-01-15 23:44

2 new commits since last upload, time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 28b21e831a97f4fbe2d4ae0b13bed51b164357b8
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Sun Nov 25 21:05:17 2018 +0100

    debian/tests/gui: Wait for kodi to start, not just a fixed 5 seconds

commit d7725652be5c8ba08725c00e902b590de1ad424f
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Sun Nov 25 21:05:17 2018 +0100

    debian/tests/gui: Wait a bit more for kodi to start
    
    and always print kodi's log.

Created: 2018-11-24 Last update: 2019-01-15 18:41

2 ignored security issues in stretch low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

CVE-2017-5982: Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.
CVE-2018-8831: A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.

Please fix them.

Created: 2016-12-04 Last update: 2018-11-22 11:25

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-11-18 Last update: 2018-11-18 09:16

news

[rss feed]

[2018-11-23] kodi 2:17.6+dfsg1-4 MIGRATED to testing (Debian testing watch)
[2018-11-20] Accepted kodi 2:17.6+dfsg1-4 (source) into unstable (Balint Reczey)
[2018-11-17] Accepted kodi 2:17.6+dfsg1-3 (source) into unstable (Balint Reczey)
[2018-08-20] kodi REMOVED from testing (Debian testing watch)
[2018-08-20] kodi REMOVED from testing (Debian testing watch)
[2018-05-04] kodi 2:17.6+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2018-04-28] Accepted kodi 2:17.6+dfsg1-2 (source) into unstable (Balint Reczey)
[2017-12-31] kodi 2:17.6+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2017-12-26] Accepted kodi 2:17.6+dfsg1-1 (source) into unstable (Balint Reczey)
[2017-10-11] Accepted kodi 2:17.3+dfsg1-5 (source) into unstable (Jonas Smedegaard)
[2017-10-10] Accepted kodi 2:17.3+dfsg1-4 (source) into unstable (Jonas Smedegaard)
[2017-10-05] Accepted kodi 2:17.3+dfsg1-3 (source amd64 all) into unstable, unstable (Jonas Smedegaard)
[2017-09-05] kodi REMOVED from testing (Debian testing watch)
[2017-07-04] kodi 2:17.3+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2017-06-29] Accepted kodi 2:17.3+dfsg1-2 (source) into unstable (Balint Reczey)
[2017-06-06] Accepted kodi 16.1+dfsg1-2~bpo8+2 (source amd64 all) into jessie-backports->backports-policy, jessie-backports (Balint Reczey)
[2017-05-29] kodi 2:17.1+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2017-05-27] Accepted kodi 2:17.3+dfsg1-1 (source) into experimental (Balint Reczey)
[2017-05-27] Accepted kodi 2:17.1+dfsg1-3 (source) into unstable (Balint Reczey)
[2017-04-19] kodi 2:17.1+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2017-04-13] Accepted kodi 2:17.1+dfsg1-2 (source) into unstable (Balint Reczey)
[2017-04-02] Accepted kodi 2:17.1+dfsg1-1 (source) into experimental (Balint Reczey)
[2017-03-05] Accepted kodi 2:17.1~rc1+dfsg1-1 (source) into experimental (Balint Reczey)
[2017-02-28] kodi 2:17.0+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2017-02-22] Accepted kodi 2:17.0+dfsg1-3 (source) into unstable (Balint Reczey)
[2017-02-20] kodi 2:17.0+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2017-02-09] Accepted kodi 2:17.0+dfsg1-2 (source) into unstable (Balint Reczey)
[2017-02-06] Accepted kodi 2:17.0+dfsg1-1 (source) into experimental (Balint Reczey)
[2017-02-05] kodi 2:17.0~rc3+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2017-02-05] Accepted kodi 2:17.0~rc4+dfsg1-1 (source) into experimental (Balint Reczey)

bugs [bug history graph]

all: 36
RC: 0
I&N: 22
M&W: 14
F&P: 0
patch: 1

links

homepage
lintian (0, 10)
buildd: logs, checks, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2:17.6+dfsg1-4ubuntu2
26 bugs
patches for 2:17.6+dfsg1-4ubuntu2