This bug was fixed in the package calibre - 2.55.0+dfsg-1ubuntu0.2
---------------
calibre (2.55.0+dfsg-1ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: JavaScript in a book can access local files using
XMLHttpRequest (LP: #1758699).
- fix-CVE-2016-10187.patch
- CVE-2016-10187
* SECURITY UPDATE: Malicious code execution when using CPickle instead of
JSON.
- fix-CVE-2018-7889.patch
- CVE-2018-7889
-- Simon Quigley <[email protected]> Wed, 11 Apr 2018 23:50:09 -0500
** Changed in: calibre (Ubuntu Xenial)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1758699
Title:
[CVE] JavaScript in a book can access local files using XMLHttpRequest
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/calibre/+bug/1758699/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
