calibre / CVE-2018-7889

To: debian-lts@lists.debian.org
Subject: calibre / CVE-2018-7889
From: Brian May <bam@debian.org>
Date: Tue, 10 Apr 2018 17:28:26 +1000
Message-id: <[🔎] 87woxfbjvp.fsf@silverfish.pri>

If I understand the upstream patch correctly, this replaces pickle with
json for bookmarks and metadata information. It looks like this patch
was applied to sid.

Won't this break existing installs by making existing data inaccessible?

Maybe we don't have much choice in the matter however. Any automatic
conversion tool is likely to have the same vulnerability we are
attempting to resolve.
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: calibre / CVE-2018-7889
  - From: Brian May <bam@debian.org>
- Re: calibre / CVE-2018-7889
  - From: Antoine Beaupré <anarcat@orangeseeds.org>

Prev by Date: Re: libgcrypt11 same issue? Was: Re: [SECURITY] [DLA 1283-1] python-crypto security update
Next by Date: rubygems / CVE-2018-1000074
Previous by thread: Re: libgcrypt11 same issue? Was: Re: [SECURITY] [DLA 1283-1] python-crypto security update
Next by thread: Re: calibre / CVE-2018-7889
Index(es):
- Date
- Thread