UbuntuUpdates.org

Package "calibre"

Name: calibre

Description:

e-book converter and library management

Latest version: 2.55.0+dfsg-1ubuntu0.2
Release: xenial (16.04)
Level: security
Repository: universe
Homepage: http://calibre-ebook.com


Other versions of "calibre" in Xenial

Repository         Area      Version
base               universe  2.55.0+dfsg-1
updates            universe  2.55.0+dfsg-1ubuntu0.2
PPA: GetDeb Apps             2.85.1-1~getdeb1


Changelog

Version: 2.55.0+dfsg-1ubuntu0.2 2018-04-12 23:06:39 UTC

  calibre (2.55.0+dfsg-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: JavaScript in a book can access local files using
    XMLHttpRequest (LP: #1758699).
    - fix-CVE-2016-10187.patch
    - CVE-2016-10187
  * SECURITY UPDATE: Malicious code execution when using CPickle instead of
    JSON.
    - fix-CVE-2018-7889.patch
    - CVE-2018-7889

 -- Simon Quigley <email address hidden> Wed, 11 Apr 2018 23:50:09 -0500

1758699 [CVE] JavaScript in a book can access local files using XMLHttpRequest
CVE-2016-10187 The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.
CVE-2018-7889 gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code


