Hello Adam, > Do we have any idea how likely it is that users will be affected here? > Is it worth a NEWS file?
Thank you for your suggestion. I add NEWS file entry about CVE-2026-25731. And I also add more CVE fixes. * CVE-2026-27810: HTTP Response Header Injection vulnerability in the calibre Content Server * CVE-2026-27824: an attacker can bypass IP-based bans on the calibre Content Server You can examine the changes from online: https://github.com/debian-calibre/calibre/compare/debian/8.5.0+ds-1+deb13u1...debian/trixie -- YOKOTA Hiroshi
calibre_8.5.0+ds-1+deb13u2-2.debdiff
Description: Binary data
