Posts: 3
Joined: Aug 2016
Reputation:
0
Hello,
I have found a minor remote vulnerability in Kodi. Can an official developper or admin contact me back so I can give you all the details to fix it?
Thanks in advance.
Regards,
Guillaume
Posts: 17,859
Joined: Jul 2011
Reputation:
371
Why don't you just post it here so it could be fixed by someone why has time for v17
Regardless there won't be any update for v16 anymore.
Posts: 3
Joined: Aug 2016
Reputation:
0
I usually never disclose vulnerabilities publicily, instead I privately report it to the developpers, giving a reasonable time for a fix (even for a minor vulnerability).
However I wasn't aware v16 was EOL and would not be fixed. I will thus publish the vulnerability soon and post it here then. If a developper want to take a look at it before I do that, send me a mail/PM.
Regards,
Guillaume
Posts: 252
Joined: May 2009
Reputation:
10
Paxxi
Team-Kodi Member
Posts: 252
I feel it's been forgotten. Thank you for reporting this gkweb76, there's been some work in the pipeline to protect against path traversal that might resolve this issue but haven't tested to see if it actually does.
The janitor, cleaner of cruft, defender of style. Also known as the unfunny guy that doesn't understand signatures.