UbuntuUpdates.org

Package "calibre"

Name: calibre

Description: e-book converter and library management

Latest version: 1.25.0+dfsg-1ubuntu1.2
Release: trusty (14.04)
Level: security
Repository: universe
Homepage: http://calibre-ebook.com

Other versions of "calibre" in Trusty

Repository   Area          Version
base         universe      1.25.0+dfsg-1build1
updates      universe      1.25.0+dfsg-1ubuntu1.2
PPA          GetDeb Apps   1.48.0-1~getdeb1

Changelog

Version: 1.25.0+dfsg-1ubuntu1.2 2018-04-13 16:06:41 UTC

  calibre (1.25.0+dfsg-1ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: JavaScript in a book can access local files using
    XMLHttpRequest (LP: #1758699).
    - fix-CVE-2016-10187.patch
    - CVE-2016-10187
  * SECURITY UPDATE: Malicious code execution when using CPickle instead of
    JSON (LP: #1758699).
    - fix-CVE-2018-7889.patch
    - CVE-2018-7889

 -- Simon Quigley <email address hidden> Thu, 12 Apr 2018 16:06:17 -0500

1758699 [CVE] JavaScript in a book can access local files using XMLHttpRequest
CVE-2016-10187 The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.
CVE-2018-7889 gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code


