[Git][security-tracker-team/security-tracker][master] Reserve DLA-4554-1 for calibre

Wed Apr 29 14:10:06 BST 2026


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
464e853c by Sylvain Beucler at 2026-04-29T15:09:33+02:00
Reserve DLA-4554-1 for calibre

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -40221,14 +40221,12 @@ CVE-2026-25636 (calibre is an e-book manager. In 9.1.0 and earlier, a path trave
 	- calibre 9.2.0+ds+~0.10.5-1
 	[trixie] - calibre <no-dsa> (Will be fixed via point update)
 	[bookworm] - calibre <no-dsa> (Will be fixed via point update)
-	[bullseye] - calibre <postponed> (Can be piggy-back'd with future DLA)
 	NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29
 	NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726 (v9.2.0)
 CVE-2026-25635 (calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader con ...)
 	- calibre 9.2.0+ds+~0.10.5-1
 	[trixie] - calibre <no-dsa> (Will be fixed via point update)
 	[bookworm] - calibre <no-dsa> (Will be fixed via point update)
-	[bullseye] - calibre <postponed> (Can be piggy-back'd with future DLA)
 	NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr
 	NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9 (v9.2.0)
 CVE-2026-25634 (iccDEV provides a set of libraries and tools that allow for the intera ...)
@@ -76089,7 +76087,6 @@ CVE-2025-64486 (calibre is an e-book manager. In versions 8.13.0 and prior, cali
 	- calibre 8.14.0+ds+~0.10.5-1
 	[trixie] - calibre 8.5.0+ds-1+deb13u1
 	[bookworm] - calibre 6.13.0+repack-2+deb12u5
-	[bullseye] - calibre <postponed> (Minor issue; fix after bookworm)
 	NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-hpwq-c98h-xp8g
 	NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/6f94bce214bf7d43c829804db3741afa5e83c0c5 (v8.14.0)
 CVE-2025-64485 (CVAT is an open source interactive video and image annotation tool for ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Apr 2026] DLA-4554-1 calibre - security update
+	{CVE-2025-64486 CVE-2026-25635 CVE-2026-25636 CVE-2026-26064 CVE-2026-26065}
+	[bullseye] - calibre 5.12.0+dfsg-1+deb11u4
 [29 Apr 2026] DLA-4553-1 policykit-1 - security update
 	{CVE-2021-4115 CVE-2026-4897}
 	[bullseye] - policykit-1 0.105-31+deb11u2


=====================================
data/dla-needed.txt
=====================================
@@ -74,6 +74,7 @@ ca-certificates
 --
 calibre (Abhijith PA)
   NOTE: 20260222: Added by Front-Desk (rouca)
+  NOTE: 20260429: partial update (abhijith)
 --
 ckeditor
   NOTE: 20241002: Added by Front-Desk (Beuc)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/464e853c7d2b798a6a76b3867fdec7b6426525b3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/464e853c7d2b798a6a76b3867fdec7b6426525b3
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260429/978c19b3/attachment-0001.htm>
