Re: calibre / CVE-2018-7889
Brian May <bam@debian.org> writes:
> As far as I can tell, the upstream patch for CVE-2018-7889 has changes
> that aren't related to the security issue. Or it could be a fix for the
> metadata.db issue, but if so I am completely confused because it doesn't
> actually appear to touch the vulnerable call to cPickle.
It looks like this is the fix for the metadata.db issue (and other cPickle
stuff removed):
https://github.com/kovidgoyal/calibre/commit/9adc3b0ffb76092682bb05c8785889520ab83f22
https://github.com/kovidgoyal/calibre/commit/690698170297b7f9a0b3b515ff506605e53e3fb9
--
Brian May <bam@debian.org>