Bug#853004: security: javascript in the book can access files on the computer using XMLHttpRequest?

2017-02-16 Thread Moritz Mühlenhoff
On Wed, Feb 01, 2017 at 12:43:02PM +0100, Martin Pitt wrote: > Hello Salvatore, > > Salvatore Bonaccorso [2017-01-31 17:15 +0100]: > > This has been assigned CVE-2016-10187, in > > Want me to upload the previously sent patch to the queue (with adding the CVE > to the patch/changelog)? Yes,

Bug#853004: security: javascript in the book can access files on the computer using XMLHttpRequest?

2017-02-01 Thread Martin Pitt
Hello Salvatore, Salvatore Bonaccorso [2017-01-31 17:15 +0100]: > This has been assigned CVE-2016-10187, in Want me to upload the previously sent patch to the queue (with adding the CVE to the patch/changelog)? Martin

Processed: Re: Bug#853004: security: javascript in the book can access files on the computer using XMLHttpRequest?

2017-01-31 Thread Debian Bug Tracking System
Processing control commands: > retitle -1 calibre: CVE-2016-10187: javascript in the book can access files > on the computer using XMLHttpRequest Bug #853004 {Done: Salvatore Bonaccorso } [calibre] security: javascript in the book can access files on the computer using

Bug#853004: security: javascript in the book can access files on the computer using XMLHttpRequest?

2017-01-31 Thread Salvatore Bonaccorso
Control: retitle -1 calibre: CVE-2016-10187: javascript in the book can access files on the computer using XMLHttpRequest This has been assigned CVE-2016-10187, in http://www.openwall.com/lists/oss-security/2017/01/31/9 Regards, Salvatore

Bug#853004: security: javascript in the book can access files on the computer using XMLHttpRequest?

2017-01-29 Thread Martin Pitt
Hello Antoine, Antoine Beaupré [2017-01-29 10:48 -0500]: > Next time could you coordinate more closely with the security team? Point taken, sorry about that. > 3. (optionally) request a CVE at OSS-security with a CC upstream: >

Bug#853004: security: javascript in the book can access files on the computer using XMLHttpRequest?

2017-01-29 Thread Antoine Beaupré
On 2017-01-29 09:35:18, Martin Pitt wrote: > Control: notfound -1 2.75.1+dfsg-1 > > Hello Antoine, > > Antoine Beaupre [2017-01-28 15:56 -0500]: >> Someone pointed me to this note in the 2.75.1 changelog: >> >> E-book viewer: Prevent javascript in the book from accessing files >> on the

Bug#853004: security: javascript in the book can access files on the computer using XMLHttpRequest?

2017-01-29 Thread Martin Pitt
Control: notfound -1 2.75.1+dfsg-1 Hello Antoine, Antoine Beaupre [2017-01-28 15:56 -0500]: > Someone pointed me to this note in the 2.75.1 changelog: > > E-book viewer: Prevent javascript in the book from accessing files > on the computer using XMLHttpRequest. I did mention this in

Processed: Re: Bug#853004: security: javascript in the book can access files on the computer using XMLHttpRequest?

2017-01-29 Thread Debian Bug Tracking System
Processing control commands: > notfound -1 2.75.1+dfsg-1 Bug #853004 [calibre] security: javascript in the book can access files on the computer using XMLHttpRequest? Ignoring request to alter found versions of bug #853004 to the same values previously set -- 853004:

Bug#853004: security: javascript in the book can access files on the computer using XMLHttpRequest?

2017-01-28 Thread Antoine Beaupre
Package: calibre Version: 2.71.0+dfsg-1 Severity: critical File: /usr/bin/ebook-viewer Tags: security Hi, Someone pointed me to this note in the 2.75.1 changelog: E-book viewer: Prevent javascript in the book from accessing files on the computer using XMLHttpRequest. The ticket link