[Git][security-tracker-team/security-tracker][master] calibre ospu/spu

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Nov 9 14:38:57 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc0904c5 by Moritz Mühlenhoff at 2025-11-09T15:38:39+01:00
calibre ospu/spu

- - - - -


4 changed files:

- data/CVE/list
- data/dsa-needed.txt
- data/next-oldstable-point-update.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -59,6 +59,8 @@ CVE-2025-64488 (SuiteCRM is an open-source, enterprise-ready Customer Relationsh
 	NOT-FOR-US: SuiteCRM
 CVE-2025-64486 (calibre is an e-book manager. In versions 8.13.0 and prior, calibre do ...)
 	- calibre 8.14.0+ds+~0.10.5-1
+	[trixie] - calibre <no-dsa> (Will be fixed via point update)
+	[bookworm] - calibre <no-dsa> (Will be fixed via point update)
 	NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-hpwq-c98h-xp8g
 	NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/6f94bce214bf7d43c829804db3741afa5e83c0c5 (v8.14.0)
 CVE-2025-64485 (CVAT is an open source interactive video and image annotation tool for ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -15,8 +15,6 @@ If needed, specify the release by adding a slash after the name of the source pa
 amd64-microcode (carnil)
   Coordinating with maintainer DSA/bookworm-pu and sync with mitgations in src:linux
 --
-calibre
---
 cpp-httplib
   Maintainer preparing updates, waiting for feedback on bookworm status
 --


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -174,3 +174,5 @@ CVE-2025-61921
 	[bookworm] - ruby-sinatra 3.0.5-3+deb12u1
 CVE-2025-11568
 	[bookworm] - luksmeta 9-4+deb12u1
+CVE-2025-64486
+	[bookworm] - calibre 6.13.0+repack-2+deb12u5


=====================================
data/next-point-update.txt
=====================================
@@ -105,3 +105,5 @@ CVE-2024-38805
 	[trixie] - edk2 2025.02-8+deb13u1
 CVE-2025-3770
 	[trixie] - edk2 2025.02-8+deb13u1
+CVE-2025-64486
+	[trixie] - calibre 8.5.0+ds-1+deb13u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc0904c5d5294a8896431575af8e65764bccc2dc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc0904c5d5294a8896431575af8e65764bccc2dc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251109/5ec5318b/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list