- Package: release.debian.org
- Source: release.debian.org
- Submitter: YOKOTA Hiroshi
- Date: 2026-05-25 10:45:04 UTC
- Severity: normal
- Tags:
[ Reason ]
Fix these CVEs.
CVE-2026-30853: Path Traversal Leading to Arbitrary File Write
CVE-2026-33206: Path traversal allows reading arbitrary files when converting a text-based file

[ Impact ]
CVEs (max severity: 8.2/10) are unfixed.

[ Tests ]
Automated build-time test was successful.

[ Risks ]
Not well tested on bookworm machine.

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

[ Changes ]
* Add missing comments to previous deb12u7 fix
* Fix for CVE-2026-30853
* Fix for CVE-2026-33206

[ Other info ]
You can examine this fix from online:
https://github.com/debian-calibre/calibre/compare/debian/6.13.0+repack-2+deb12u7...bookworm-update
Hi, Please go ahead. Thanks,
Thank you, I have uploaded it.
package release.debian.org
tags 1137465 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: calibre
Version: 6.13.0+repack-2+deb12u8

Explanation: read resources only from book contents [CVE-2026-33206]; keep extracted files within container dir [CVE-2026-30853]
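The containment rule named in the upload explanation ("keep extracted files within container dir"; the same check applies when reading resources only from book contents), as an added Python example. It is not calibre's code or the Debian patch; the function names and the sample archive are constructed for illustration.

```python
import io
import os
import tempfile
import zipfile


def contained_path(container_dir, member_name):
    """Return the absolute path for member_name inside container_dir,
    or raise ValueError if it would resolve outside that directory."""
    root = os.path.realpath(container_dir)
    # Treat backslashes as separators too; realpath also follows symlinks.
    candidate = os.path.realpath(os.path.join(root, member_name.replace('\\', '/')))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise ValueError(f'refusing path outside container: {member_name!r}')
    return candidate


def extract_within(zf, container_dir):
    """Extract members of an open ZipFile, rejecting names that escape.
    Returns (written, rejected) lists of member names."""
    written, rejected = [], []
    for info in zf.infolist():
        if info.is_dir():
            continue
        try:
            dest = contained_path(container_dir, info.filename)
        except ValueError:
            rejected.append(info.filename)
            continue
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        with zf.open(info) as src, open(dest, 'wb') as out:
            out.write(src.read())
        written.append(info.filename)
    return written, rejected


def demo():
    # Constructed sample archive: two ordinary members, two escaping names.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w') as zf:
        for name in ('OEBPS/ch1.html', 'mimetype', '../outside.txt', '/tmp/abs-demo.txt'):
            zf.writestr(name, b'x')
    with tempfile.TemporaryDirectory() as tmp:
        container = os.path.join(tmp, 'container')
        os.mkdir(container)
        with zipfile.ZipFile(buf) as zf:
            written, rejected = extract_within(zf, container)
        escaped = os.path.exists(os.path.join(tmp, 'outside.txt'))
    return written, rejected, escaped
```

The check resolves the joined path before comparing it with the container root, so relative `..` segments, absolute member names and symlinked directories already present in the container are all judged by where the write would actually land.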