[SECURITY] [DLA 3862-1] calibre security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3862-1] calibre security update
From: Adrian Bunk <bunk@debian.org>
Date: Mon, 2 Sep 2024 23:14:34 +0300
Message-id: <[🔎] ZtYcqtFLzAj3wcag@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3862-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 02, 2024                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : calibre
Version        : 5.12.0+dfsg-1+deb11u3
CVE ID         : CVE-2021-44686 CVE-2023-46303
Debian Bug     : 

Two vulnerabilities have been fixed in the e-book manager Calibre.

CVE-2021-44686

    Regular Expression Denial of Service

CVE-2023-46303

    HTML Input: Don't add resources that exist outside the document root 
    by default

For Debian 11 bullseye, these problems have been fixed in version
5.12.0+dfsg-1+deb11u3.

We recommend that you upgrade your calibre packages.

For the detailed security status of calibre please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/calibre

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmbWHKcACgkQiNJCh6LY
mLFuehAAokiN7Brfvo8OgM46q4JUaSxokadez5BZzqU+/Y8ClWZlqcKSrbhcbSb2
Jp7ojiJ0aRk/WZ88zvKLbH01jRlauIAN82b2w3bfpIywpjt6OBx7rxn8891jjzm7
uhdQwY9OBbzOE0t04Anc7b/h1/ZLvjjMHDGSle1Cvcqngey7P5kO80JyFJ/Ffe96
72VplJHxVL9OiTbT61nU+XxwdFFIdGiyZBiRr7XqU+RcTEnEWBtPJTYfi5RF4jNb
CaZ4kpAwBr49i8vUdVlFm7YhoscFy1sAlNQ81wKUuacNYCLYAfbryOs800s13ODt
hibhb3Tpivu1fBbGV/+kHVGM0YlrYSiMXXrtp2CA4SfRvykkIwb7XRLiYiqLkcTV
IYEGtRChtBnTFqQ45nHwcqlxPR8x93XAz7iNiICx1XmlktcxSapeaqN3hYAoehIT
U8CwnYAQa1Xd1N32jxCIjlXpm2mYpC9PcLyjVsb5S4+OuuuHHb2vSw++9eHqB7i+
LiKZcBUy/wK1Bh1dTNWaXLixzLb+U9TVOirRBzLbZDUKgMYjqrgTl/9VY8XTLB3c
RaeFmhW6B53CHN9D57pz38mJGTHZwRrMAagLxGuMTEjR+/WxqI7DgqT7C8bELaXz
Eiv6C9g1zLdDuZKiVj6l+veEbhG/Wx9tb6HnhGJB6BmF0Cb72qg=
=YtnM
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3863-1] nbconvert security update
Next by Date: [SECURITY] [DLA 3864-1] webkit2gtk security update
Previous by thread: [SECURITY] [DLA 3863-1] nbconvert security update
Next by thread: [SECURITY] [DLA 3864-1] webkit2gtk security update
Index(es):
- Date
- Thread