[SECURITY] [DLA 859-1] calibre security update

Brian May Fri, 17 Mar 2017 01:41:50 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : calibre
Version        : 0.8.51+dfsg1-0.1+deb7u1
CVE ID         : CVE-2016-10187
Debian Bug     : 853004



It was found that a javascript present in the book can access files on the
computer using XMLHttpRequest.

For Debian 7 "Wheezy", these problems have been fixed in version
0.8.51+dfsg1-0.1+deb7u1.

We recommend that you upgrade your calibre packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE1jZRJqkttWDGJ6ztF4RXf4EfbqwFAljLoPkACgkQF4RXf4Ef
bqy5kBAA1OY6GLSm4DzrzaC/BcMj3DIPoWwvMrraxS0bDZxP8CvBzBHBDtTklZeB
dK7HfrYubRm4/VNs8q7cKfXYMk2ljhd8ogvqf0ND07QPxY+c5NyX6QPBj52ThnI0
1Lqub8j1FSEbiMK0ARF2s1MRSJ5WDLOCTpXPkRoZA7pJXobRpPzT/d2xEqgU3CNP
8FVB1IfOqDMp0+FF/dBpgaIWeZaABOiY4Wcp3E+0+TEzOGJXotQhqiqGDqgz/SNS
VB5+cQ5oQn5/4S5u3iysRcSv6BPADbQIWsq7EKcTlmacUi15WD2gUuncgz/dgnGq
qaJlzGgGzGGOMK9uEv1m77fGQ5Gb7FurC91MjhyH81AUP/ETShUF4j20iM/gs5ZG
2EBVhtsDaaDoqP65QCkP9I/bCisz9IfayfJlE6/97U30qNla+jdCzkCnQL3qWp2m
zX15Dm0FyqI4DKNFhdui19+DPRBM52zuCUgXSQwyrd2AVEk1HVOZGQ48LTuO2iJd
hGHlsXgMyxr64SGWssdAQoKlZ5yZ87F3ZGEAN54Ymvp14Az6I6Of5+hHMi35EHpk
OzwwtDOSyKvJiZDjWPFj/8hlsHmfxMrmjl7DWH3LpyvOe7FER9skIB6vG7MD5y6G
YOq6HTEiUc22W/d7KkL6LSYI8KJKWHmTRNX/uzFfEY2X9pgBz6k=
=7eSx
-----END PGP SIGNATURE-----

[SECURITY] [DLA 859-1] calibre security update

Reply via email to