[Git][security-tracker-team/security-tracker][master] Add four new calibre CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 6 11:48:36 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18eeefe0 by Salvatore Bonaccorso at 2024-08-06T12:42:23+02:00
Add four new calibre CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,15 +27,23 @@ CVE-2024-7082 (The Easy Table of Contents WordPress plugin before 2.0.68 does no
 CVE-2024-7055 (A vulnerability was found in FFmpeg up to 7.0.1. It has been classifie ...)
 	TODO: check
 CVE-2024-7009 (Unsanitized user-input in Calibre <= 7.15.0 allow users with permissio ...)
-	TODO: check
+	- calibre 7.16.0+ds-1
+	NOTE: https://starlabs.sg/advisories/24/24-7009/
+	NOTE: https://github.com/kovidgoyal/calibre/commit/d56574285e8859d3d715eb7829784ee74337b7d7 (v7.16.0)
 CVE-2024-7008 (Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform ...)
-	TODO: check
+	- calibre 7.16.0+ds-1
+	NOTE: https://starlabs.sg/advisories/24/24-7008/
+	NOTE: https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0 (v7.16.0)
 CVE-2024-6886 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	- gitea <removed>
 CVE-2024-6782 (Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticate ...)
-	TODO: check
+	- calibre 7.16.0+ds-1
+	NOTE: https://starlabs.sg/advisories/24/24-6782/
+	NOTE: https://github.com/kovidgoyal/calibre/commit/38a1bf50d8cd22052ae59c513816706c6445d5e9 (v7.16.0)
 CVE-2024-6781 (Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to ...)
-	TODO: check
+	- calibre 7.16.0+ds-1
+	NOTE: https://starlabs.sg/advisories/24/24-6781/
+	NOTE: https://github.com/kovidgoyal/calibre/commit/bcd0ab12c41a887f8290a9b56e46c3a29038d9c4 (v7.16.0)
 CVE-2024-6766 (The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not val ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6651 (The WordPress File Upload WordPress plugin before 4.24.8 does not sani ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18eeefe05318b211d1f02f2c09a5590479fa987c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18eeefe05318b211d1f02f2c09a5590479fa987c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240806/6204d9ef/attachment.htm>

More information about the debian-security-tracker-commits mailing list