[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-6781/calibre

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 8 21:09:05 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7938bb29 by Salvatore Bonaccorso at 2024-08-08T22:07:51+02:00
Update status for CVE-2024-6781/calibre

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -702,8 +702,12 @@ CVE-2024-6782 (Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthent
 	NOTE: Introduced in: https://github.com/kovidgoyal/calibre/commit/1ecb96d76a7ff5269b3a85472cc64fe834407b60 (v6.9.0)
 CVE-2024-6781 (Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to ...)
 	- calibre 7.16.0+ds-1
+	[bookworm] - calibre <not-affected> (Vulnerable code not present)
+	[bullseye] - calibre <not-affected> (Vulnerable code not present)
 	NOTE: https://starlabs.sg/advisories/24/24-6781/
-	NOTE: https://github.com/kovidgoyal/calibre/commit/bcd0ab12c41a887f8290a9b56e46c3a29038d9c4 (v7.16.0)
+	NOTE: https://bugs.launchpad.net/calibre/+bug/2075125
+	NOTE: Introduced by: https://github.com/kovidgoyal/calibre/commit/b45ca52f0f99aaa6da040e594ce7ba3cc7145e02 (v6.16.0)
+	NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/bcd0ab12c41a887f8290a9b56e46c3a29038d9c4 (v7.16.0)
 CVE-2024-6766 (The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not val ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6651 (The WordPress File Upload WordPress plugin before 4.24.8 does not sani ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7938bb292672447ebcc44ec1163501ece5a57ef4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7938bb292672447ebcc44ec1163501ece5a57ef4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240808/3f98f7fe/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list