On Wed, Feb 01, 2017 at 12:43:02PM +0100, Martin Pitt wrote:
> Hello Salvatore,
>
> Salvatore Bonaccorso [2017-01-31 17:15 +0100]:
> > This has been assigned CVE-2016-10187, in
>
> Want me to upload the previously sent patch to the queue (with adding the CVE
> to the patch/changelog)?
Yes,

Hello Salvatore,
Salvatore Bonaccorso [2017-01-31 17:15 +0100]:
> This has been assigned CVE-2016-10187, in
Want me to upload the previously sent patch to the queue (with adding the CVE
to the patch/changelog)?
Martin

Processing control commands:
> retitle -1 calibre: CVE-2016-10187: javascript in the book can access files
> on the computer using XMLHttpRequest
Bug #853004 {Done: Salvatore Bonaccorso } [calibre]
security: javascript in the book can access files on the computer using

Control: retitle -1 calibre: CVE-2016-10187: javascript in the book can access
files on the computer using XMLHttpRequest
This has been assigned CVE-2016-10187, in
http://www.openwall.com/lists/oss-security/2017/01/31/9
Regards,
Salvatore

Hello Antoine,
Antoine Beaupré [2017-01-29 10:48 -0500]:
> Next time could you coordinate more closely with the security team?
Point taken, sorry about that.
> 3. (optionally) request a CVE at OSS-security with a CC upstream:
>

On 2017-01-29 09:35:18, Martin Pitt wrote:
> Control: notfound -1 2.75.1+dfsg-1
>
> Hello Antoine,
>
> Antoine Beaupre [2017-01-28 15:56 -0500]:
>> Someone pointed me to this note in the 2.75.1 changelog:
>>
>> E-book viewer: Prevent javascript in the book from accessing files
>> on the

Control: notfound -1 2.75.1+dfsg-1
Hello Antoine,
Antoine Beaupre [2017-01-28 15:56 -0500]:
> Someone pointed me to this note in the 2.75.1 changelog:
>
> E-book viewer: Prevent javascript in the book from accessing files
> on the computer using XMLHttpRequest.
I did mention this in

Processing control commands:
> notfound -1 2.75.1+dfsg-1
Bug #853004 [calibre] security: javascript in the book can access files on the
computer using XMLHttpRequest?
Ignoring request to alter found versions of bug #853004 to the same values
previously set
--
853004:

Package: calibre
Version: 2.71.0+dfsg-1
Severity: critical
File: /usr/bin/ebook-viewer
Tags: security
Hi,
Someone pointed me to this note in the 2.75.1 changelog:
E-book viewer: Prevent javascript in the book from accessing files
on the computer using XMLHttpRequest.
The ticket link