edubuntu-bugs team mailing list archive
-
edubuntu-bugs team
-
Mailing list archive
-
Message #08181
[Bug 1758699] Re: [CVE] JavaScript in a book can access local files using XMLHttpRequest
This bug was fixed in the package calibre - 3.7.0+dfsg-2ubuntu0.1
---------------
calibre (3.7.0+dfsg-2ubuntu0.1) artful-security; urgency=medium
* SECURITY UPDATE: Malicious code execution when using CPickle instead of
JSON (LP: #1758699).
- fix-CVE-2018-7889.patch
- CVE-2018-7889
-- Simon Quigley <tsimonq2@xxxxxxxxxx> Thu, 12 Apr 2018 00:02:07 -0500
** Changed in: calibre (Ubuntu Artful)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/1758699
Title:
[CVE] JavaScript in a book can access local files using XMLHttpRequest
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/calibre/+bug/1758699/+subscriptions
References