Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2010-1028

Source

Debian Bug report logs - #787085
calibre: Security issues in WOFF code

Package: src:calibre; Maintainer for src:calibre is Norbert Preining <norbert@preining.info>;

Reported by: Dmitry Shachnev <mitya57@debian.org>

Date: Thu, 28 May 2015 12:18:06 UTC

Severity: normal

Tags: security

Found in version calibre/2.24.0+dfsg-1

Fixed in version calibre/2.38.0+dfsg-1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Miriam Ruiz <little_miry@yahoo.es>:
Bug#787085; Package src:calibre. (Thu, 28 May 2015 12:18:10 GMT) (full text, mbox, link).

Acknowledgement sent to Dmitry Shachnev <mitya57@debian.org>:
New Bug report received and forwarded. Copy sent to Miriam Ruiz <little_miry@yahoo.es>. (Thu, 28 May 2015 12:18:10 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Source: calibre
Version: 2.24.0+dfsg-1
Tags: security

Dear Maintainer,

Calibre contains an embedded copy of outdated Mozilla's WOFF code (in
src/calibre/utils/fonts/woff/), which is known to have some security issues.

In particular:

1) https://bugzilla.mozilla.org/show_bug.cgi?id=552216 (aka CVE-2010-1028)

Cherry-picking https://hg.mozilla.org/releases/mozilla-1.9.2/rev/827a6883442f
will fix it.

2) https://bugzilla.mozilla.org/show_bug.cgi?id=522308

Cherry-picking https://hg.mozilla.org/mozilla-central/rev/69eb050f2c0a will
fix it.

Note: new Mozilla's releases do not contain the code in question anymore.

--
Dmitry Shachnev

[signature.asc (application/pgp-signature, inline)]

Marked as fixed in versions calibre/2.38.0+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 29 Jan 2017 16:54:08 GMT) (full text, mbox, link).

Marked Bug as done Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 29 Jan 2017 16:54:09 GMT) (full text, mbox, link).

Notification sent to Dmitry Shachnev <mitya57@debian.org>:
Bug acknowledged by developer. (Sun, 29 Jan 2017 16:54:09 GMT) (full text, mbox, link).

Message sent on to Dmitry Shachnev <mitya57@debian.org>:
Bug#787085. (Sun, 29 Jan 2017 16:54:10 GMT) (full text, mbox, link).

Message #14 received at 787085-submitter@bugs.debian.org (full text, mbox, reply):

close 787085 2.38.0+dfsg-1
thanks

2.38.0+dfsg-1 removed the code below src/calibre/utils/fonts/woff/

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 27 Feb 2017 07:32:32 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:08:52 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

calibre: Security issues in WOFF code

Debian Bug report logs - #787085
calibre: Security issues in WOFF code

Vulmon Search

About

Products

Connect

calibre: Security issues in WOFF code

Debian Bug report logs - #787085 calibre: Security issues in WOFF code

Vulmon Search

About

Products

Connect

Debian Bug report logs - #787085
calibre: Security issues in WOFF code