[Git][security-tracker-team/security-tracker][master] calibre ospu
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Feb 8 19:59:48 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
30d0fef1 by Moritz Mühlenhoff at 2026-02-08T20:59:11+01:00
calibre ospu
- - - - -
2 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -217,6 +217,8 @@ CVE-2026-25732 (NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI'
NOT-FOR-US: NiceGUI
CVE-2026-25731 (calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template I ...)
- calibre 9.2.0+ds+~0.10.5-1
+ [trixie] - calibre <no-dsa> (Will be fixed via point update)
+ [bookworm] - calibre <no-dsa> (Will be fixed via point update)
NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc
NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379 (v9.2.0)
CVE-2026-25729 (DeepAudit is a multi-agent system for code vulnerability discovery. In ...)
@@ -225,10 +227,14 @@ CVE-2026-25644 (DataHub is an open-source metadata platform. Prior to version 1.
NOT-FOR-US: DataHub
CVE-2026-25636 (calibre is an e-book manager. In 9.1.0 and earlier, a path traversal v ...)
- calibre 9.2.0+ds+~0.10.5-1
+ [trixie] - calibre <no-dsa> (Will be fixed via point update)
+ [bookworm] - calibre <no-dsa> (Will be fixed via point update)
NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29
NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726 (v9.2.0)
CVE-2026-25635 (calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader con ...)
- calibre 9.2.0+ds+~0.10.5-1
+ [trixie] - calibre <no-dsa> (Will be fixed via point update)
+ [bookworm] - calibre <no-dsa> (Will be fixed via point update)
NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr
NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9 (v9.2.0)
CVE-2026-25634 (iccDEV provides a set of libraries and tools that allow for the intera ...)
=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -42,3 +42,9 @@ CVE-2025-66034
[bookworm] - fonttools 4.38.0-1+deb12u1
CVE-2023-45139
[bookworm] - fonttools 4.38.0-1+deb12u1
+CVE-2026-25636
+ [bookworm] - calibre 6.13.0+repack-2+deb12u6
+CVE-2026-25635
+ [bookworm] - calibre 6.13.0+repack-2+deb12u6
+CVE-2026-25731
+ [bookworm] - calibre 6.13.0+repack-2+deb12u6
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30d0fef14be831d2c9a88ec5fe6a7be34fe63d1a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30d0fef14be831d2c9a88ec5fe6a7be34fe63d1a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260208/56b2c6a2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list