Debian Package Tracker

general

source: kodi (main)
version: 2:17.6+dfsg1-2
maintainer: Debian Multimedia Maintainers (archive) [DMD]
uploaders: Jonas Smedegaard [DMD] – Balint Reczey [DMD]
arch: all any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-bpo: 16.1+dfsg1-2~bpo8+2
stable: 2:17.1+dfsg1-3
unstable: 2:17.6+dfsg1-2

versioned links

16.1+dfsg1-2~bpo8+2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:17.1+dfsg1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:17.6+dfsg1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

kodi
kodi-addons-dev
kodi-bin
kodi-data
kodi-eventclients-common
kodi-eventclients-dev
kodi-eventclients-kodi-send
kodi-eventclients-ps3
kodi-eventclients-wiiremote
kodi-repository-kodi
xbmc
xbmc-addons-dev
xbmc-bin
xbmc-eventclients-common
xbmc-eventclients-dev
xbmc-eventclients-ps3
xbmc-eventclients-wiiremote
xbmc-eventclients-xbmc-send

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  https://github.com/xbmc/xbmc/tags .*archive/?(\d\S*)-[A-Z].*\.tar\.gz

Created: 2018-08-17 Last update: 2018-08-21 22:01

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.2.0 instead of 3.9.8).

Created: 2017-06-29 Last update: 2018-08-21 12:15

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2018-8831: A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.
CVE-2017-5982: Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.

Please fix them.

Created: 2015-07-13 Last update: 2018-08-19 20:10

lintian reports 35 warnings high

Lintian reports 35 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-09-22 Last update: 2018-08-11 07:46

The VCS repository is not up to date, consider pushing the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2018-02-19 Last update: 2018-07-03 15:58

Multiarch hinter reports 7 issue(s) normal

There are issues with the multiarch metadata for this package.

kodi-eventclients-kodi-send could be marked Multi-Arch: foreign
kodi-repository-kodi could be marked Multi-Arch: foreign
xbmc-eventclients-common could be marked Multi-Arch: foreign
xbmc-eventclients-dev could be marked Multi-Arch: foreign
xbmc-eventclients-ps3 could be marked Multi-Arch: foreign
xbmc-bin could be marked Multi-Arch: same
xbmc-eventclients-wiiremote could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2018-08-22 00:42

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2018-08-19 Last update: 2018-08-22 00:40

Depends on packages which need a new maintainer normal

The packages that kodi depends on which need a new maintainer are:

cwiid (#810992)
- Depends: libcwiid1
- Build-Depends: libcwiid-dev
libcdio (#881719)
- Depends: libcdio18
- Build-Depends: libcdio-dev libiso9660-dev
libtool (#905994)
- Build-Depends: libltdl-dev libtool
giflib (#834410)
- Depends: libgif7
- Build-Depends: libgif-dev
libplist (#867217)
- Recommends: libplist3
- Build-Depends: libplist-dev

Created: 2017-12-02 Last update: 2018-08-22 00:36

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2017-11-21 Last update: 2018-08-21 23:02

2 ignored security issues in stretch low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

CVE-2018-8831: A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.
CVE-2017-5982: Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.

Please fix them.

Created: 2016-12-04 Last update: 2018-08-19 20:10

testing migrations

excuses:
- Migrates after: ffmpeg/amd64, ffmpeg/arm64, ffmpeg/armel, ffmpeg/armhf, ffmpeg/i386, ffmpeg/mips, ffmpeg/mips64el, ffmpeg/mipsel, ffmpeg/ppc64el, ffmpeg/s390x, pybluez, python-lightblue
- 115 days old (5 needed)
- Updating kodi introduces new bugs: #888383
- Piuparts tested OK - https://piuparts.debian.org/sid/source/k/kodi.html
- Impossible dependency: kodi -> ffmpeg/s390x
- Impossible dependency: kodi -> ffmpeg/arm64
- Impossible dependency: kodi -> ffmpeg/armel
- Impossible dependency: kodi -> ffmpeg/i386
- Impossible dependency: kodi -> ffmpeg/mipsel
- Impossible dependency: kodi -> ffmpeg/amd64
- Impossible dependency: kodi -> ffmpeg/armhf
- Impossible dependency: kodi -> ffmpeg/ppc64el
- Impossible dependency: kodi -> ffmpeg/mips64el
- Impossible dependency: kodi -> ffmpeg/mips
- Not considered

news

[rss feed]

[2018-08-20] kodi REMOVED from testing (Debian testing watch)
[2018-08-20] kodi REMOVED from testing (Debian testing watch)
[2018-05-04] kodi 2:17.6+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2018-04-28] Accepted kodi 2:17.6+dfsg1-2 (source) into unstable (Balint Reczey)
[2017-12-31] kodi 2:17.6+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2017-12-26] Accepted kodi 2:17.6+dfsg1-1 (source) into unstable (Balint Reczey)
[2017-10-11] Accepted kodi 2:17.3+dfsg1-5 (source) into unstable (Jonas Smedegaard)
[2017-10-10] Accepted kodi 2:17.3+dfsg1-4 (source) into unstable (Jonas Smedegaard)
[2017-10-05] Accepted kodi 2:17.3+dfsg1-3 (source amd64 all) into unstable, unstable (Jonas Smedegaard)
[2017-09-05] kodi REMOVED from testing (Debian testing watch)
[2017-07-04] kodi 2:17.3+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2017-06-29] Accepted kodi 2:17.3+dfsg1-2 (source) into unstable (Balint Reczey)
[2017-06-06] Accepted kodi 16.1+dfsg1-2~bpo8+2 (source amd64 all) into jessie-backports->backports-policy, jessie-backports (Balint Reczey)
[2017-05-29] kodi 2:17.1+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2017-05-27] Accepted kodi 2:17.3+dfsg1-1 (source) into experimental (Balint Reczey)
[2017-05-27] Accepted kodi 2:17.1+dfsg1-3 (source) into unstable (Balint Reczey)
[2017-04-19] kodi 2:17.1+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2017-04-13] Accepted kodi 2:17.1+dfsg1-2 (source) into unstable (Balint Reczey)
[2017-04-02] Accepted kodi 2:17.1+dfsg1-1 (source) into experimental (Balint Reczey)
[2017-03-05] Accepted kodi 2:17.1~rc1+dfsg1-1 (source) into experimental (Balint Reczey)
[2017-02-28] kodi 2:17.0+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2017-02-22] Accepted kodi 2:17.0+dfsg1-3 (source) into unstable (Balint Reczey)
[2017-02-20] kodi 2:17.0+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2017-02-09] Accepted kodi 2:17.0+dfsg1-2 (source) into unstable (Balint Reczey)
[2017-02-06] Accepted kodi 2:17.0+dfsg1-1 (source) into experimental (Balint Reczey)
[2017-02-05] kodi 2:17.0~rc3+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2017-02-05] Accepted kodi 2:17.0~rc4+dfsg1-1 (source) into experimental (Balint Reczey)
[2017-01-25] Accepted kodi 2:17.0~rc3+dfsg1-2 (source) into unstable (Balint Reczey)
[2017-01-17] kodi 2:17.0~rc2+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2017-01-17] Accepted kodi 2:17.0~rc3+dfsg1-1 (source) into unstable (Balint Reczey)

bugs [bug history graph]

all: 40
RC: 1
I&N: 24
M&W: 14
F&P: 0
patch: 1

links

homepage
lintian (0, 35)
buildd: logs, clang
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2:17.6+dfsg1-2build1
24 bugs
patches for 2:17.6+dfsg1-2ubuntu1