Re: calibre / CVE-2018-7889

To: Antoine Beaupré <anarcat@orangeseeds.org>, Raphael Hertzog <hertzog@debian.org>
Cc: debian-lts@lists.debian.org
Subject: Re: calibre / CVE-2018-7889
From: Brian May <bam@debian.org>
Date: Mon, 16 Apr 2018 17:12:03 +1000
Message-id: <[🔎] 87tvsbaam4.fsf@silverfish.pri>
In-reply-to: <[🔎] 87a7u83alh.fsf@curie.anarc.at>
References: <[🔎] 87woxfbjvp.fsf@silverfish.pri> <[🔎] 87in8x326u.fsf@curie.anarc.at> <[🔎] 20180412081725.GB30420@home.ouaza.com> <[🔎] 87a7u83alh.fsf@curie.anarc.at>

Antoine Beaupré <anarcat@orangeseeds.org> writes:

> But you're right, maybe we can just patch that out for now. It just
> seems the version in calibre is really, really old and I doubt anyone is
> actually using it. But I could be wrong!

I am looking at this now. https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d

Antoine: Do you think any of the changes to
src/pyj/book_list/edit_metadata.pyj are required for the security fix? I
am struggling to understand how these changes relate to the rest of the
pull request.
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: calibre / CVE-2018-7889
  - From: Brian May <bam@debian.org>
- Re: calibre / CVE-2018-7889
  - From: Antoine Beaupré <anarcat@orangeseeds.org>

References:
- calibre / CVE-2018-7889
  - From: Brian May <bam@debian.org>
- Re: calibre / CVE-2018-7889
  - From: Antoine Beaupré <anarcat@orangeseeds.org>
- Re: calibre / CVE-2018-7889
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: calibre / CVE-2018-7889
  - From: Antoine Beaupré <anarcat@orangeseeds.org>

Prev by Date: Re: tiff: CVE-2018-8905: heap-based buffer overflow in LZWDecodeCompat
Next by Date: Re: calibre / CVE-2018-7889
Previous by thread: Re: calibre / CVE-2018-7889
Next by thread: Re: calibre / CVE-2018-7889
Index(es):
- Date
- Thread