edubuntu-bugs team mailing list archive
-
edubuntu-bugs team
-
Mailing list archive
-
Message #08179
[Bug 1758699] Re: [CVE] JavaScript in a book can access local files using XMLHttpRequest
In the meantime, I have updated my PPA with working fixes (I tested each
in a fresh VM; they work as intended and fix the security issue) for
Xenial and Artful.
Security Team, feel free to copy my packages to your PPA:
https://launchpad.net/~tsimonq2/+archive/ubuntu/security-test-builds/+sourcepub/8981311/+listing-archive-extra
https://launchpad.net/~tsimonq2/+archive/ubuntu/security-test-builds/+sourcepub/8981308/+listing-archive-extra
The diffs for each are on that page if you would like to do it manually.
Please sponsor each to go into Ubuntu.
Thanks.
--
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/1758699
Title:
[CVE] JavaScript in a book can access local files using XMLHttpRequest
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/calibre/+bug/1758699/+subscriptions
References