Public bug reported:
The E-book viewer in calibre before 2.75 allows remote attackers to read
arbitrary files via a crafted epub file with JavaScript.
** Affects: calibre (Ubuntu)
Importance: Medium
Status: Fix Released
** Affects: calibre (Ubuntu Trusty)
Importance: Medium
Assignee: Simon Quigley (tsimonq2)
Status: New
** Affects: calibre (Ubuntu Xenial)
Importance: Medium
Assignee: Simon Quigley (tsimonq2)
Status: New
** Also affects: calibre (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: calibre (Ubuntu Trusty)
Importance: Undecided
Status: New
** Changed in: calibre (Ubuntu Trusty)
Assignee: (unassigned) => Simon Quigley (tsimonq2)
** Changed in: calibre (Ubuntu Xenial)
Assignee: (unassigned) => Simon Quigley (tsimonq2)
** Changed in: calibre (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: calibre (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: calibre (Ubuntu)
Importance: Undecided => Medium
** Changed in: calibre (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-10187
--
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/1758699
Title:
[CVE] JavaScript in a book can access local files using XMLHttpRequest
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/calibre/+bug/1758699/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~edubuntu-bugs
Post to : edubuntu-bugs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~edubuntu-bugs
More help : https://help.launchpad.net/ListHelp
