-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 May 2026 08:19:53 +0900
Source: calibre
Binary: calibre-bin calibre-bin-dbgsym
Architecture: arm64
Version: 8.5.0+ds-1+deb13u3
Distribution: trixie
Urgency: medium
Maintainer: arm64 Build Daemon (arm-ubc-02) <buildd_arm64-arm-ubc-02@buildd.debian.org>
Changed-By: YOKOTA Hiroshi <yokota.hgml@gmail.com>
Description:
 calibre-bin - powerful and easy to use e-book manager (binary plugins)
Closes: 1135543
Changes:
 calibre (8.5.0+ds-1+deb13u3) trixie; urgency=medium
 .
   * Fix security vulnerabilities and code quality issues (Closes: #1135543)
   * CVE-2026-30853: RB Input: Ensure files are extracted within container
     dir
   * CVE-2026-33205 (1/2): E-book viewer: prevent reading background images
     from outside the config dir
   * CVE-2026-33205 (2/2): E-book viewer: Disallow background images from
     the internet. This was an unused feature anyway
   * CVE-2026-33206: TXT Input: Ensure resource files are read only from
     book contents
Checksums-Sha1:
 490e3af4d2a887921b3c998fff91f27775327213 4923600 calibre-bin-dbgsym_8.5.0+ds-1+deb13u3_arm64.deb
 9df90be98f3ff3e7394d35a5918ba48042db5c6a 844024 calibre-bin_8.5.0+ds-1+deb13u3_arm64.deb
 8005ecc88a6e8aa395af4e368636d019372168b1 24245 calibre_8.5.0+ds-1+deb13u3_arm64-buildd.buildinfo
Checksums-Sha256:
 87f6fbda81fc1599d47f08708c03d4e4f13ad56c8baa5f6ba62f98f139a64d4a 4923600 calibre-bin-dbgsym_8.5.0+ds-1+deb13u3_arm64.deb
 4acf2e7e09795e5ed199ad585322401b85c8cc3d49aaf585e2625548cb908f3e 844024 calibre-bin_8.5.0+ds-1+deb13u3_arm64.deb
 d1734b3a359f329481682837f4a596bda46296e268fb9b051d127049b87fe653 24245 calibre_8.5.0+ds-1+deb13u3_arm64-buildd.buildinfo
Files:
 7f19baf1cc542210a494076079a4e84e 4923600 debug optional calibre-bin-dbgsym_8.5.0+ds-1+deb13u3_arm64.deb
 cb650e157c4cd5ca9e8600ee926b1d18 844024 text optional calibre-bin_8.5.0+ds-1+deb13u3_arm64.deb
 07ca332aa3036bb871ef692352c542cf 24245 text optional calibre_8.5.0+ds-1+deb13u3_arm64-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEJkN0BnKzGWWW6tS+G5VHrWJmwgcFAmofMFIACgkQG5VHrWJm
wgeFZA/7BgzuIKr3oEe4rV1s0uEUuKmzBYmznxqYoqrYM+HAX7HxJVS6mySCEgTS
qQ9dTOftieBSOxTp1itZMJdQkmzlQNow+4CKeg9wVoYUMXnLPFznNXIoJzDZnzNf
aVhuNerGg+o8/Ua2IX3zi92Y7VHpUVT23EPMIFW48ZBR0/fLEyQSNPLyXMxm1d8T
XjmUes63lWJG43s5eVubE211+X7Y5N+fbGkinvdgtGUTRUG3+IXqK4d7gd18kTyg
JlsIKulLGbGQGF/gmeYz84+aU96150QOqdLiVeUEGeBqOWIuFxw07EqLw/+gQyKB
JNW9VCzsDdUxaK+W1zDHnzdNuOoQbeNskz2od2EtDYsLwveXPwp9X2Pn0yBTyxjS
fSlHFzvMnvg5cjsKM+EizKpHNBiJ4JrbfJ+ix0oePLqheJ5mwisDdSxmcItxPjVK
5Gmkd71bDlSuRfInMb1R6+B8OwpxXKTmjDar70U5PrHDDhttJ7kXlN1Q0YAcIN9y
DBJpBhSOgeht10B3Awvoj+xNaiJPwSZUImLCXzGihj1sAUC8EH+/BfiftJLkje6w
Gl1AVEM/QthFVFO3XwhUd5kkBhdedSERe5DVviUM8CWofhXxXuBcjGdUzFIVd1aB
vDjVqzNlNgyTdM8kKSuE8nZuiMcKwlfuFbsvi1IpVix6kc099O4=
=fAbN
-----END PGP SIGNATURE-----