Antoine Beaupré pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e79de75b by Antoine Beaupré at 2018-04-18T17:12:36-04:00
calibre: upstream patch insufficient
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5416,7 +5416,8 @@ CVE-2018-7890 (A remote code execution issue was
discovered in Zoho ManageEngine
CVE-2018-7889 (gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls
cPickle.load on ...)
- calibre 3.19.0+dfsg-1 (bug #892242)
NOTE: https://bugs.launchpad.net/calibre/+bug/1753870
- NOTE:
https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d
+ NOTE: deserialization fix
https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d
+ NOTE: insufficient as import also loads configuration files, which are
python executables, see https://lists.debian.org/[email protected]
CVE-2018-1000122 (A buffer over-read exists in curl 7.20.0 to and including
curl 7.58.0 ...)
{DSA-4136-1 DLA-1309-1}
- curl <unfixed> (bug #893546)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e79de75b0f39d5a1dba7adf967aea292fe638f9c
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e79de75b0f39d5a1dba7adf967aea292fe638f9c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
