group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #22481
[Bug 1758699] [NEW] [CVE] JavaScript in a book can access local files using XMLHttpRequest
Public bug reported:
The E-book viewer in calibre before 2.75 allows remote attackers to read
arbitrary files via a crafted epub file with JavaScript.
** Affects: calibre (Ubuntu)
Importance: Medium
Status: Fix Released
** Affects: calibre (Ubuntu Trusty)
Importance: Medium
Assignee: Simon Quigley (tsimonq2)
Status: New
** Affects: calibre (Ubuntu Xenial)
Importance: Medium
Assignee: Simon Quigley (tsimonq2)
Status: New
** Also affects: calibre (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: calibre (Ubuntu Trusty)
Importance: Undecided
Status: New
** Changed in: calibre (Ubuntu Trusty)
Assignee: (unassigned) => Simon Quigley (tsimonq2)
** Changed in: calibre (Ubuntu Xenial)
Assignee: (unassigned) => Simon Quigley (tsimonq2)
** Changed in: calibre (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: calibre (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: calibre (Ubuntu)
Importance: Undecided => Medium
** Changed in: calibre (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-10187
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1758699
Title:
[CVE] JavaScript in a book can access local files using XMLHttpRequest
Status in calibre package in Ubuntu:
Fix Released
Status in calibre source package in Trusty:
New
Status in calibre source package in Xenial:
New
Bug description:
The E-book viewer in calibre before 2.75 allows remote attackers to
read arbitrary files via a crafted epub file with JavaScript.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/calibre/+bug/1758699/+subscriptions
Follow ups