Marc Deslauriers pointed out to me over IRC that Trusty and Xenial are also vulnerable to CVE-2018-7889.
So Trusty and Xenial need to receive patches for CVE-2016-10187 and CVE-2018-7889 while Artful just needs the patch for CVE-2018-7889. I think it makes sense to mark the separate bug I filed for CVE-2018-7889 a duplicate of this one. I'll update my PPA and test with this new information, and I'll report back. Thanks!

** Description changed:

- The E-book viewer in calibre before 2.75 allows remote attackers to read
- arbitrary files via a crafted epub file with JavaScript.
+ For CVE-2016-10187:
+ The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.
+
+ For CVE-2018-7889:
+ gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7889

** Also affects: calibre (Ubuntu Artful)
   Importance: Undecided
       Status: New

--
You received this bug notification because you are a member of Edubuntu Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/1758699

Title:
  [CVE] JavaScript in a book can access local files using XMLHttpRequest

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/calibre/+bug/1758699/+subscriptions

Mailing list: https://launchpad.net/~edubuntu-bugs
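The CVE-2018-7889 description above boils down to unpickling attacker-supplied bookmark data: pickle resolves any module.name reference the stream asks for, so a crafted stream can reach a callable such as os.system. The snippet below is an added illustration of the mitigation pattern from the Python pickle documentation, not calibre's own fix or code: an Unpickler whose find_class refuses every global reference, which is all a bookmark list of plain dicts needs. The bookmark shape and sample streams are constructed for the example.

```python
import io
import pickle


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any module.name reference.

    Bookmark data is made only of lists, dicts, strings and numbers, which
    pickle encodes with native opcodes. Any request for a global therefore
    means the stream is not plain bookmark data and is rejected outright.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"bookmark import refused global reference {module}.{name}")


def load_bookmarks(data: bytes):
    """Deserialize bookmark data without resolving globals.

    Returns the bookmark list, or None when the stream references a global
    or does not have the expected shape (a list of dicts).
    """
    try:
        obj = RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError:
        return None
    # Shape check after deserialization: anything else is not a bookmark file.
    if not isinstance(obj, list) or not all(isinstance(b, dict) for b in obj):
        return None
    return obj


# Constructed sample streams (hypothetical bookmark format, not calibre's):
# a legitimate bookmark list, which uses no global references at all ...
BENIGN = pickle.dumps([{"title": "Chapter 1", "pos": "body/p[3]"}])
# ... a stream that merely names a builtin by reference (never called here),
# which is enough to trigger find_class and show the rejection ...
GLOBAL_REF = pickle.dumps(len)
# ... and a well-formed stream of the wrong shape.
NOT_A_LIST = pickle.dumps(42)
```

Moving the bookmark format to JSON removes the deserialization risk entirely; the restricted unpickler is the fallback when existing pickle files must still be read.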