
Re: calibre / CVE-2018-7889

Brian May <bam@debian.org> writes:

> As far as I can tell, the upstream patch for CVE-2018-7889 has changes
> that aren't related to the security issue. Or it could be a fix for the
> metadata.db issue, but if so I am completely confused because it doesn't
> actually appear to touch the vulnerable call to cPickle.

It looks like this is the fix for the metadata.db issue (and other cPickle
stuff removed):

Brian May <bam@debian.org>
