I contacted the blog author (using the contact form on the blog) to ask about details of the calibre fix. I sent the following question:
------------------- 8< -------------- Hello! I'd like to check if this affects the Calibre version that is shipped in stable Debian/Ubuntu releases, and fix it there. Do you have some more information about that? There is no Calibre 1.80 (the next release after 1.48 was 2.0), so things that would help me to identify the fix would be any of those: - Did you file a bug report, or just sent a mail? If it's a bug report, do you have the URL? - If the above is not available: When exactly did you contact upstream? - If the above is not available: In which calibre version did that get fixed? Thank you! ------------------- 8< -------------- -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1372400 Title: calibre vulnerable to XSS attack in book titles To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/calibre/+bug/1372400/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
