Kodi's urllib3 might be vulnerable to CVE-2021-33503 #176270
Comments
Would be nice if we could push issues like this upstream and have them fix it. Our tooling is nice and all we would have to do is backport the bump that our bot automatically creates. Any idea if upstream has addressed this? I can probably look later tonight when I'm at a computer.
That's the problem with such tooling. You only get security updates after upstream notices them, if ever. Thus at least one more indirection.
I guess I'm just spoiled by our (nixpkgs) tooling because all this comment made me think is that upstream could really benefit from using this type of tooling too 😉
Is there a way to override specific plugins?
Straight
We'll have to do either that or update upstream asap.
I'm out for the day and my android phone can't read .xz files so I can't check if upstream has fixed this or not. Manually running the update script would let us know... if you have the capacity.
How do I run it?
Doesn't change anything.
Where are these add-ons maintained upstream?
The version is called `1.26.4+matrix.1`. That seems to be older than `1.26.5` which is the first version with a fix for https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503.

Can't we use `python3Packages.urllib3`?

cc @aanderse @cpages @edwtjo @minijackson @peterhoeg @sephalon