Hello Salvatore, > That should IMHO get its metadata fixed, that is get the bug fixed in > 9.8.0+ds+~0.10.5-1 and so add a founds version in an anchor of the > trixie version.
I was updated metadata. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135543 And I also update salsa and make new debdiff. https://github.com/debian-calibre/calibre/compare/debian/8.5.0+ds-1+deb13u2...debian/trixie > Can you ask upstream if they will publish a GHSA for both issues > eparately and request CVEs? I asked upstream, but he will not publish GHSA. > https://github.com/kovidgoyal/calibre/pull/3101#issuecomment-4414599088 > No, as I said I dont really consider these security issues. DirCaontainer is > the only one that might be one, but given its fixed anyway I am not that > fussed about it. That said if you want a security advisory for credit feel > free to make one for the dircontainer issue and I will publish it. -- YOKOTA Hiroshi
calibre_8.5.0+ds-1+deb13u3-1.debdiff
Description: Binary data
