[Git][security-tracker-team/security-tracker][master] Add new calibre issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Feb 7 09:03:05 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f59826c1 by Salvatore Bonaccorso at 2026-02-07T10:02:38+01:00
Add new calibre issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -67,15 +67,21 @@ CVE-2026-25749 (Vim is an open source, command line text editor. Prior to versio
 CVE-2026-25732 (NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's File ...)
 	NOT-FOR-US: NiceGUI
 CVE-2026-25731 (calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template I ...)
-	TODO: check
+	- calibre 9.2.0+ds+~0.10.5-1
+	NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc
+	NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379 (v9.2.0)
 CVE-2026-25729 (DeepAudit is a multi-agent system for code vulnerability discovery. In ...)
 	NOT-FOR-US: DeepAudit
 CVE-2026-25644 (DataHub is an open-source metadata platform. Prior to version 1.3.1.8, ...)
 	NOT-FOR-US: DataHub
 CVE-2026-25636 (calibre is an e-book manager. In 9.1.0 and earlier, a path traversal v ...)
-	TODO: check
+	- calibre 9.2.0+ds+~0.10.5-1
+	NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29
+	NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726 (v9.2.0)
 CVE-2026-25635 (calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader con ...)
-	TODO: check
+	- calibre 9.2.0+ds+~0.10.5-1
+	NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr
+	NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9 (v9.2.0)
 CVE-2026-25634 (iccDEV provides a set of libraries and tools that allow for the intera ...)
 	NOT-FOR-US: iccDEV
 CVE-2026-25632 (EPyT-Flow is a Python package designed for the easy generation of hydr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f59826c1fee28d8a6da1f43b6aab0a244d9f3ab0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f59826c1fee28d8a6da1f43b6aab0a244d9f3ab0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260207/47b1630c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list