Source: calibre
Version: 2.24.0+dfsg-1
Tags: security

Dear Maintainer,

Calibre contains an embedded copy of Mozilla's outdated WOFF code (in src/calibre/utils/fonts/woff/), which is known to have some security issues. In particular:

1) https://bugzilla.mozilla.org/show_bug.cgi?id=552216 (aka CVE-2010-1028)
   Cherry-picking https://hg.mozilla.org/releases/mozilla-1.9.2/rev/827a6883442f will fix it.

2) https://bugzilla.mozilla.org/show_bug.cgi?id=522308
   Cherry-picking https://hg.mozilla.org/mozilla-central/rev/69eb050f2c0a will fix it.

Note: new Mozilla releases do not contain the code in question anymore.

--
Dmitry Shachnev

