[Git][security-tracker-team/security-tracker][master] calibre spu/ospu

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Feb 22 21:30:03 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35fd825c by Moritz Mühlenhoff at 2026-02-22T22:29:26+01:00
calibre spu/ospu

- - - - -


3 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1210,10 +1210,14 @@ CVE-2026-26275 (httpsig-hyper is a hyper extension for http message signatures.
 	NOT-FOR-US: httpsig-hyper
 CVE-2026-26065 (calibre is a cross-platform e-book manager for viewing, converting, ed ...)
 	- calibre 9.3.0+ds+~0.10.5-1
+	[trixie] - calibre <no-dsa> (Minor issue)
+	[bookworm] - calibre <no-dsa> (Minor issue)
 	NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w
 	NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/b6da1c3878c06eb1356cb0ec1106cb66e0e9bfb8 (v9.3.0)
 CVE-2026-26064 (calibre is a cross-platform e-book manager for viewing, converting, ed ...)
 	- calibre 9.3.0+ds+~0.10.5-1
+	[trixie] - calibre <no-dsa> (Minor issue)
+	[bookworm] - calibre <no-dsa> (Minor issue)
 	NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp
 	NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/e1b5f9b45a5e8fa96c136963ad9a1d35e6adac62 (v9.3.0)
 CVE-2026-24122 (Cosign provides code signing and transparency for containers and binar ...)


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -84,3 +84,7 @@ CVE-2026-1489
 	[bookworm] - glib2.0 2.74.6-2+deb12u9
 CVE-2023-38199
 	[bookworm] - modsecurity-crs 3.3.4-1+deb12u2
+CVE-2026-26064
+	[bookworm] - calibre 6.13.0+repack-2+deb12u6
+CVE-2026-26065
+	[bookworm] - calibre 6.13.0+repack-2+deb12u6


=====================================
data/next-point-update.txt
=====================================
@@ -110,3 +110,7 @@ CVE-2026-1485
 	[trixie] - glib2.0 2.84.4-3~deb13u3
 CVE-2026-1489
 	[trixie] - glib2.0 2.84.4-3~deb13u3
+CVE-2026-26065
+	[trixie] - calibre 8.5.0+ds-1+deb13u2
+CVE-2026-26064
+	[trixie] - calibre 8.5.0+ds-1+deb13u2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35fd825c0db9a620678f0c830931679fe293e92c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35fd825c0db9a620678f0c830931679fe293e92c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260222/6f3e1801/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list