← Back to team overview

edubuntu-bugs team mailing list archive

  1. edubuntu-bugs team
  2. Mailing list archive
  3. Message #08147

[Bug 1758699] [NEW] [CVE] JavaScript in a book can access local files using XMLHttpRequest

  Thread PreviousDate PreviousThread Next 
Public bug reported:

The E-book viewer in calibre before 2.75 allows remote attackers to read
arbitrary files via a crafted epub file with JavaScript.

** Affects: calibre (Ubuntu)
     Importance: Medium
         Status: Fix Released

** Affects: calibre (Ubuntu Trusty)
     Importance: Medium
     Assignee: Simon Quigley (tsimonq2)
         Status: New

** Affects: calibre (Ubuntu Xenial)
     Importance: Medium
     Assignee: Simon Quigley (tsimonq2)
         Status: New

** Also affects: calibre (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: calibre (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: calibre (Ubuntu Trusty)
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: calibre (Ubuntu Xenial)
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: calibre (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: calibre (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: calibre (Ubuntu)
   Importance: Undecided => Medium

** Changed in: calibre (Ubuntu)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-10187

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/1758699

Title:
  [CVE] JavaScript in a book can access local files using XMLHttpRequest

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/calibre/+bug/1758699/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next