UbuntuUpdates.org

Package "calibre-bin"

Name: calibre-bin

Description:

e-book converter and library management

Latest version: 1.25.0+dfsg-1ubuntu1.2
Release: trusty (14.04)
Level: updates
Repository: universe
Head package: calibre
Homepage: http://calibre-ebook.com

Links


Download "calibre-bin"


Other versions of "calibre-bin" in Trusty

Repository Area Version
base universe 1.25.0+dfsg-1build1
security universe 1.25.0+dfsg-1ubuntu1.2
PPA: GetDeb Apps 1.48.0-1~getdeb1

Changelog

Version: 1.25.0+dfsg-1ubuntu1.2 2018-04-13 17:06:36 UTC

  calibre (1.25.0+dfsg-1ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: JavaScript in a book can access local files using
    XMLHttpRequest (LP: #1758699).
    - fix-CVE-2016-10187.patch
    - CVE-2016-10187
  * SECURITY UPDATE: Malicious code execution when using CPickle instead of
    JSON (LP: #1758699).
    - fix-CVE-2018-7889.patch
    - CVE-2018-7889

 -- Simon Quigley <email address hidden> Thu, 12 Apr 2018 16:06:17 -0500

Source diff to previous version
1758699 [CVE] JavaScript in a book can access local files using XMLHttpRequest
CVE-2016-10187 The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.
CVE-2018-7889 gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code

Version: 1.25.0+dfsg-1ubuntu1 2015-09-09 02:06:34 UTC

  calibre (1.25.0+dfsg-1ubuntu1) trusty; urgency=medium

  * d/p/Fix-1282898-Broken-Edit-Metadata-in-Bulk-commits-1.2.patch
    Fix broken Edit Metadata in Bulk commits 1.25.0
    (LP: #1282898)

 -- Louis Bouchard Mon, 25 Aug 2015 10:27:07 +0200

1282898 Broken Edit Metadata in Bulk commits 1.25.0



About   -   Send Feedback to @ubuntu_updates