#1137465 bookworm-pu: package calibre/6.13.0+repack-2+deb12u8

#1137465#5
Date: 2026-05-24 06:22:13 UTC

[ Reason ]
Fix these CVEs.
CVE-2026-30853: Path Traversal Leading to Arbitrary File Write
CVE-2026-33206: Path traversal allows reading arbitrary files when converting a text-based file

[ Impact ]
CVEs (max severity: 8.2/10) are unfixed.

[ Tests ]
Automated build-time test was successful.

[ Risks ]
Not well tested on a bookworm machine.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
* Add missing comments to previous deb12u7 fix
* Fix for CVE-2026-30853
* Fix for CVE-2026-33206

[ Other info ]
You can examine this fix online:
https://github.com/debian-calibre/calibre/compare/debian/6.13.0+repack-2+deb12u7...bookworm-update

#1137465#12
Date: 2026-05-24 08:09:44 UTC

Hi,

Please go ahead.

Thanks,

#1137465#19
Date: 2026-05-25 00:02:23 UTC

Thank you, I have uploaded it.

#1137465#24
Date: 2026-05-25 10:41:56 UTC

package release.debian.org
tags 1137465 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: calibre
Version: 6.13.0+repack-2+deb12u8

Explanation: read resources only from book contents [CVE-2026-33206]; keep extracted files within container dir [CVE-2026-30853]
