[Bug 1758699] Re: [CVE] JavaScript in a book can access local files using XMLHttpRequest

Launchpad Bug Tracker Thu, 12 Apr 2018 14:21:52 -0700

This bug was fixed in the package calibre - 3.7.0+dfsg-2ubuntu0.1

---------------
calibre (3.7.0+dfsg-2ubuntu0.1) artful-security; urgency=medium


  * SECURITY UPDATE: Malicious code execution when using CPickle instead of
    JSON (LP: #1758699).
    - fix-CVE-2018-7889.patch
    - CVE-2018-7889

 -- Simon Quigley <[email protected]>  Thu, 12 Apr 2018 00:02:07 -0500

** Changed in: calibre (Ubuntu Artful)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1758699

Title:
  [CVE] JavaScript in a book can access local files using XMLHttpRequest

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/calibre/+bug/1758699/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1758699] Re: [CVE] JavaScript in a book can access local files using XMLHttpRequest

Reply via email to