edubuntu-bugs team mailing list archive

Thread
Date

[Bug 1758699] Re: [CVE] JavaScript in a book can access local files using XMLHttpRequest

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: Simon Quigley <tsimonq2@xxxxxxxxxx>
Date: Sun, 25 Mar 2018 17:47:12 -0000
Reply-to: Bug 1758699 <1758699@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I have uploaded these fixes (for Xenial and Trusty) to a fresh test PPA
of mine with all architectures switched on and only the security repo
enabled. I then tested both in VMs of each release, and they work as
intended. It also fixes the security issue.

Security Team, feel free to copy my packages to your PPA:
https://launchpad.net/~tsimonq2/+archive/ubuntu/security-test-builds/+sourcepub/8878700/+listing-archive-extra
https://launchpad.net/~tsimonq2/+archive/ubuntu/security-test-builds/+sourcepub/8878706/+listing-archive-extra

The diffs for each are on that page if you would like to do it manually.

Please sponsor each to go into Ubuntu.

Thanks.

** Changed in: calibre (Ubuntu Trusty)
       Status: New => In Progress

** Changed in: calibre (Ubuntu Xenial)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/1758699

Title:
  [CVE] JavaScript in a book can access local files using XMLHttpRequest

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/calibre/+bug/1758699/+subscriptions

References

[Bug 1758699] [NEW] [CVE] JavaScript in a book can access local files using XMLHttpRequest
From: Simon Quigley, 2018-03-25