[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

calibre / CVE-2018-7889

If I understand the upstream patch correctly, this replaces pickle with
json for bookmarks and metadata information. It looks like this patch
was applied to sid.

Won't this break existing installs by making existing data inaccessible?

Maybe we don't have much choice in the matter however. Any automatic
conversion tool is likely to have the same vulnerability we are
attempting to resolve.
Brian May <bam@debian.org>

Reply to: