[Git][security-tracker-team/security-tracker][master] Update status for calibre
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Aug 25 08:05:32 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
67df3842 by Salvatore Bonaccorso at 2024-08-25T09:05:00+02:00
Update status for calibre
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4892,16 +4892,21 @@ CVE-2024-7055 (A vulnerability was found in FFmpeg up to 7.0.1. It has been clas
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5372bfe01e4a04357ab4465c1426cf8c6412dfd5 (n5.1.6)
CVE-2024-7009 (Unsanitized user-input in Calibre <= 7.15.0 allow users with permissio ...)
- calibre 7.16.0+ds-1
+ [bookworm] - calibre <no-dsa> (Minor issue)
+ [bullseye] - calibre <no-dsa> (Minor issue)
NOTE: https://starlabs.sg/advisories/24/24-7009/
NOTE: https://github.com/kovidgoyal/calibre/commit/d56574285e8859d3d715eb7829784ee74337b7d7 (v7.16.0)
CVE-2024-7008 (Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform ...)
- calibre 7.16.0+ds-1
+ [bookworm] - calibre <no-dsa> (Minor issue)
+ [bullseye] - calibre <no-dsa> (Minor issue)
NOTE: https://starlabs.sg/advisories/24/24-7008/
NOTE: https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0 (v7.16.0)
CVE-2024-6886 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- gitea <removed>
CVE-2024-6782 (Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticate ...)
- calibre 7.16.0+ds-1
+ [bookworm] - calibre <no-dsa> (Minor issue)
[bullseye] - calibre <not-affected> (Vulnerable code not present)
NOTE: https://starlabs.sg/advisories/24/24-6782/
NOTE: https://bugs.launchpad.net/calibre/+bug/2075128
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67df3842f0c83055ae6479b66bb078e1efe2584b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67df3842f0c83055ae6479b66bb078e1efe2584b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240825/8806a403/attachment.htm>
More information about the debian-security-tracker-commits
mailing list