-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 25 May 2026 08:19:53 +0900 Source: calibre Binary: calibre-bin calibre-bin-dbgsym Architecture: i386 Version: 8.5.0+ds-1+deb13u3 Distribution: trixie Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) Changed-By: YOKOTA Hiroshi Description: calibre-bin - powerful and easy to use e-book manager (binary plugins) Closes: 1135543 Changes: calibre (8.5.0+ds-1+deb13u3) trixie; urgency=medium . * Fix security vulnerabilities and code quality issues (Closes: #1135543) * CVE-2026-30853: RB Input: Ensure files are extracted within container dir * CVE-2026-33205 (1/2): E-book viewer: prevent reading background images from outside the config dir * CVE-2026-33205 (2/2): E-book viewer: Disallow background images from the internet. This was an unused feature anyway * CVE-2026-33206: TXT Input: Ensure resource files are read only from book contents Checksums-Sha1: f3fd42ec3d577846756dae070a90ebc40b8a0087 4826856 calibre-bin-dbgsym_8.5.0+ds-1+deb13u3_i386.deb b21ca7f7cbfb13226f3a9de5e33679f0701fe7bc 845396 calibre-bin_8.5.0+ds-1+deb13u3_i386.deb ecc1c15f62ab95e1b8c5ba89d21161648eb12792 24284 calibre_8.5.0+ds-1+deb13u3_i386-buildd.buildinfo Checksums-Sha256: c09225f10d5a328c4fd5a4209ff71b8a424f09f3d4f63af5dc0b2684f41c4ba3 4826856 calibre-bin-dbgsym_8.5.0+ds-1+deb13u3_i386.deb fa8e304f2b024ef92a7cea9f8fed184412acee864c56c418a826630f2c3e2c5a 845396 calibre-bin_8.5.0+ds-1+deb13u3_i386.deb fd6b9c4a8ad45d97ad3ece0e76c3084b68a7c48abd92c8cdb900a2afb225b21d 24284 calibre_8.5.0+ds-1+deb13u3_i386-buildd.buildinfo Files: d6bcf6128c036a84362b7e548a393e40 4826856 debug optional calibre-bin-dbgsym_8.5.0+ds-1+deb13u3_i386.deb a7c534d64bd846d163f88def1db77328 845396 text optional calibre-bin_8.5.0+ds-1+deb13u3_i386.deb 12605831daa81b9e6489899d86854a28 24284 text optional calibre_8.5.0+ds-1+deb13u3_i386-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEb5EwsJvHBEjqIJYIbheoBegwXLIFAmofMFkACgkQbheoBegw XLKpnA/6AofUvaIEd+XPN2jQAeAZeMxiGXqPZzOn2vIXM0tRiwzYHz2oXyPhlStH 0bJTOjCTRU8h4Mbp4+q965p0kMGHTVSJ6wG2qqdREB/5yUR0s8QgzoeBOSb/S+Z4 1jjN8jRm58AVczlJFjY7zcsNpt/zbXZe4d5oJDSNqarc4Rv4BPm8OL+Crt/3+Sux JewXAAYq/Ps9W6GCTwbZgwW4HsL9nHHkzbOgwGAWaDqd5SjvoVDIztHjj9QtDX38 t6rhfWfhfXo7wDAoNQCg5q1+aJh5a8Vq0tf5P3ostfeEbVhWW16cUtUpE+C/hQio bQwV+d2U25lHKMfBTQVwpvLL/BL2IkzCAdVKuomtcuEPelk15l6ydjmk9CksFeRk doEEE9cjXrrCDsvDwX+bHCws4WzBap3MaMMLpyWbus4MGPxWjsFmgyw6X9VXA7c5 LIBHXB5+IUnpg91j/P2Se07917zzmRErQwaTKSW6kpxAtIGmE1MeuSAhnl5M8evP MjwX4XSuo7PssDO/+hEbnN2vCzzRXPJ82p1em8i2azu9TLZCl/P3cpma/sdgRB+g IfQ1A97F+Qc2xZ1KT4Lf1t6oQ7aCwY3xV/1A6PKq59Wnkcdm9mEwORPtWJ05XUlg vDjXVJ+N3BnafSwg5+/qoA0+dKKVuA/x3ol/u4gICrDX7xMdy34= =Azqz -----END PGP SIGNATURE-----