[CVE] JavaScript in a book can access local files using XMLHttpRequest
Bug #1758699 reported by
Simon Quigley
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
calibre (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Trusty |
Fix Released
|
Medium
|
Simon Quigley | ||
Xenial |
Fix Released
|
Medium
|
Simon Quigley | ||
Artful |
Fix Released
|
Medium
|
Simon Quigley |
Bug Description
For CVE-2016-10187:
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.
For CVE-2018-7889:
gui2/viewer/
CVE References
Changed in calibre (Ubuntu Trusty): | |
assignee: | nobody → Simon Quigley (tsimonq2) |
Changed in calibre (Ubuntu Xenial): | |
assignee: | nobody → Simon Quigley (tsimonq2) |
Changed in calibre (Ubuntu Trusty): | |
importance: | Undecided → Medium |
Changed in calibre (Ubuntu Xenial): | |
importance: | Undecided → Medium |
Changed in calibre (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → Fix Released |
Changed in calibre (Ubuntu Artful): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
assignee: | nobody → Simon Quigley (tsimonq2) |
To post a comment you must log in.
I have uploaded these fixes (for Xenial and Trusty) to a fresh test PPA of mine with all architectures switched on and only the security repo enabled. I then tested both in VMs of each release, and they work as intended. It also fixes the security issue.
Security Team, feel free to copy my packages to your PPA: /launchpad. net/~tsimonq2/ +archive/ ubuntu/ security- test-builds/ +sourcepub/ 8878700/ +listing- archive- extra /launchpad. net/~tsimonq2/ +archive/ ubuntu/ security- test-builds/ +sourcepub/ 8878706/ +listing- archive- extra
https:/
https:/
The diffs for each are on that page if you would like to do it manually.
Please sponsor each to go into Ubuntu.
Thanks.