Blah blah blah
Checkpoints advisory has to be the worst one I have read. It's all PR and no info that can help anyone.
Is it shared subtitle code among the players? It is one specific subtitle format that has an issue? Is Kodi vulnerable on all platforms or just Windows?
One of the links they give is a commit for fixing a directory traversal while unzipping.
A complete waste of time reading their advisory.