[Edubuntu-bugs] [Bug 1758699] Re: [CVE] JavaScript in a book can access local files using XMLHttpRequest

Launchpad Bug Tracker Fri, 13 Apr 2018 08:11:43 -0700

This bug was fixed in the package calibre - 1.25.0+dfsg-1ubuntu1.2

---------------
calibre (1.25.0+dfsg-1ubuntu1.2) trusty-security; urgency=medium


  * SECURITY UPDATE: JavaScript in a book can access local files using
    XMLHttpRequest (LP: #1758699).
    - fix-CVE-2016-10187.patch
    - CVE-2016-10187
  * SECURITY UPDATE: Malicious code execution when using CPickle instead of
    JSON (LP: #1758699).
    - fix-CVE-2018-7889.patch
    - CVE-2018-7889

 -- Simon Quigley <tsimo...@ubuntu.com>  Thu, 12 Apr 2018 16:06:17 -0500

** Changed in: calibre (Ubuntu Trusty)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/1758699

Title:
  [CVE] JavaScript in a book can access local files using XMLHttpRequest

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/calibre/+bug/1758699/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~edubuntu-bugs
Post to     : edubuntu-bugs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~edubuntu-bugs
More help   : https://help.launchpad.net/ListHelp

[Edubuntu-bugs] [Bug 1758699] Re: [CVE] JavaScript in a book can access local files using XMLHttpRequest

Reply via email to