- Package: release.debian.org
- Source: release.debian.org
- Submitter: YOKOTA Hiroshi
- Date: 2026-05-31 11:59:02 UTC
- Severity: normal
- Tags:
[ Reason ]
Fix CVE-2026-33205

[ Impact ]
A Server-Side Request Forgery vulnerability is unfixed.

[ Tests ]
Build time automated test was successful.

[ Risks ]
Not well tested on a bookworm machine.
Calibre v6.13.0 code differs from current upstream code, so I rewrote the patch for v6.13.0. (A big change happened in v7.6.0)
This means the fix is less reliable than trixie's fix.
Please review more carefully than trixie's CVE-2026-33205 fix.

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

[ Changes ]
* Fix CVE-2026-33205

[ Other info ]
* Server-Side Request Forgery in ebook viewer backend
  https://github.com/kovidgoyal/calibre/security/advisories/GHSA-4926-v9px-wv7v
* E-book viewer: prevent reading background images
  https://github.com/kovidgoyal/calibre/commit/6eb7b5458f183c8a037e9d7dac428122a77204e4
* Examine this fix online
  https://github.com/debian-calibre/calibre/compare/debian/6.13.0+repack-2+deb12u8...bookworm-update
Hi, Please go ahead. Thanks,
Hello, Thank you. I have uploaded it.
package release.debian.org
tags 1138069 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: calibre
Version: 6.13.0+repack-2+deb12u9

Explanation: prevent reading background images from outside the config dir [CVE-2026-33205]