Debian alert DLA-3862-1 (calibre)
From: Adrian Bunk <bunk@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3862-1] calibre security update
Date: Mon, 02 Sep 2024 23:14:34 +0300
Message-ID: <ZtYcqtFLzAj3wcag@localhost>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3862-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 02, 2024                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : calibre
Version        : 5.12.0+dfsg-1+deb11u3
CVE ID         : CVE-2021-44686 CVE-2023-46303
Debian Bug     :

Two vulnerabilities have been fixed in the e-book manager Calibre.

CVE-2021-44686

    Regular Expression Denial of Service

CVE-2023-46303

    HTML Input: Don't add resources that exist outside the document
    root by default

For Debian 11 bullseye, these problems have been fixed in version
5.12.0+dfsg-1+deb11u3.

We recommend that you upgrade your calibre packages.

For the detailed security status of calibre please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/calibre

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
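
To check a package inventory against the fixed version named above, the following added example (not part of the advisory and not Debian's own code) reimplements Debian's version ordering in Python and lists hosts whose calibre package sorts before 5.12.0+dfsg-1+deb11u3. The host names and installed versions are constructed; on a Debian host, `dpkg --compare-versions` performs the same comparison.

```python
import re

FIXED = "5.12.0+dfsg-1+deb11u3"  # fixed version for bullseye, from the advisory

def _order(ch):
    # "~" sorts before end-of-string (0); letters sort before other symbols.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Walk alternating (non-digit, digit) chunks, following Debian's ordering rules.
    ca, cb = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    for i in range(max(len(ca), len(cb))):
        na, da = ca[i] if i < len(ca) else ("", "")
        nb, db = cb[i] if i < len(cb) else ("", "")
        for j in range(max(len(na), len(nb))):
            oa = _order(na[j]) if j < len(na) else 0
            ob = _order(nb[j]) if j < len(nb) else 0
            if oa != ob:
                return -1 if oa < ob else 1
        ia, ib = int(da or 0), int(db or 0)  # digit runs compare numerically
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_update(installed):
    # True when the installed version sorts before the fixed one.
    return compare_versions(installed, FIXED) < 0

# Constructed inventory: host names and installed versions are made up.
INVENTORY = {
    "build-01": "5.12.0+dfsg-1+deb11u2",
    "desk-07": "5.12.0+dfsg-1+deb11u3",
    "desk-12": "5.12.0+dfsg-1+deb11u10",
}

def vulnerable_hosts(inventory):
    return sorted(h for h, v in inventory.items() if needs_update(v))
```

A plain string comparison would rank `deb11u10` below `deb11u3`; comparing digit runs numerically is what keeps the later revision from being flagged.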