Commit ef2f8d10 authored by Brian May's avatar Brian May

Mark calibre CVE-2018-7889 in wheezy

There is no known fix for this, and a true fix is not possible
without changing the configuration file formats not to allow
executable code.

parent 4da8de7a
......@@ -6829,6 +6829,7 @@ CVE-2018-7890 (A remote code execution issue was discovered in Zoho ManageEngine
NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2018-7889 (gui2/viewer/ in Calibre 3.18 calls cPickle.load on ...)
- calibre 3.19.0+dfsg-1 (bug #892242)
[wheezy] - calibre <no-dsa> (Minor issue)
NOTE: deserialization fix
NOTE: insufficient as import also loads configuration files, which are python executables,
......@@ -12,10 +12,6 @@
apache2 (Roberto C. Sánchez)
calibre (Brian May)
NOTE: 20180321: Instead of replacing pickle with json, maybe disable bookmarking (apo)
NOTE: 20180321: completely and invest the time to fix the Jessie version instead? (apo)
cups (Thorsten Alteholz)
NOTE: 20180318: not clear whether patch is fine, so no email to maintainer sent (alteholz)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment