edubuntu-bugs team mailing list archive

Thread
Date

[Bug 1758699] Re: [CVE] JavaScript in a book can access local files using XMLHttpRequest

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1758699@xxxxxxxxxxxxxxxxxx>
Date: Thu, 12 Apr 2018 21:00:12 -0000
Reply-to: Bug 1758699 <1758699@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package calibre - 2.55.0+dfsg-1ubuntu0.2

---------------
calibre (2.55.0+dfsg-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: JavaScript in a book can access local files using
    XMLHttpRequest (LP: #1758699).
    - fix-CVE-2016-10187.patch
    - CVE-2016-10187
  * SECURITY UPDATE: Malicious code execution when using CPickle instead of
    JSON.
    - fix-CVE-2018-7889.patch
    - CVE-2018-7889

 -- Simon Quigley <tsimonq2@xxxxxxxxxx>  Wed, 11 Apr 2018 23:50:09 -0500

** Changed in: calibre (Ubuntu Xenial)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/1758699

Title:
  [CVE] JavaScript in a book can access local files using XMLHttpRequest

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/calibre/+bug/1758699/+subscriptions

References

[Bug 1758699] [NEW] [CVE] JavaScript in a book can access local files using XMLHttpRequest
From: Simon Quigley, 2018-03-25