-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 01 Mar 2026 16:11:43 +0900
Source: calibre
Binary: calibre
Architecture: all
Version: 8.5.0+ds-1+deb13u2
Distribution: trixie
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: YOKOTA Hiroshi <yokota.hgml@gmail.com>
Description:
 calibre    - powerful and easy to use e-book manager
Changes:
 calibre (8.5.0+ds-1+deb13u2) trixie; urgency=medium
 .
   * CVE-2026-25635: CHM Input: Ignore internal files that have paths that
     end up outside the container
   * CVE-2026-25636: DRYer
   * CVE-2026-25731: ZIP Output: Change the template engine used for HTML
     templating from templite to Mustache, for greater safety and
     performance. Note that this is a breaking change if you use custom
     templates with ZIP output.
   * Use pystache instead of templite to fix CVE-2026-25731
   * Add NEWS about CVE-2026-25731 fix
   * CVE-2026-26064: ODT Input: Ensure images are extracted within
     container
   * CVE-2026-26065: PDB Input: Ensure extracted images are within the
     container
   * CVE-2026-27810: Content server: Sanitize content disposition received
     as query parameter
   * CVE-2026-27824: Content server: When banning IPs for repeated login is
     enabled, only use the IP address not any HTTP headers as the ban key
Checksums-Sha1:
 57f4d9c2c86caf9d57ae0349ec43d773b6d92e79 23888 calibre_8.5.0+ds-1+deb13u2_all-buildd.buildinfo
 03dd70025c36c2f2c719daa01f16d4cb08d39627 29986464 calibre_8.5.0+ds-1+deb13u2_all.deb
Checksums-Sha256:
 6289ebd8385b986d234756ac06deb012ac591528e488c8859154743847e1104b 23888 calibre_8.5.0+ds-1+deb13u2_all-buildd.buildinfo
 b1a25c0a69e781f943165660c8f92f390b3569eca138d2488b2dffcbfa36640d 29986464 calibre_8.5.0+ds-1+deb13u2_all.deb
Files:
 d7cc13b28e817d617430579f14c8eebb 23888 text optional calibre_8.5.0+ds-1+deb13u2_all-buildd.buildinfo
 4c90806961592b81fb6c2a3256078c87 29986464 text optional calibre_8.5.0+ds-1+deb13u2_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE81O8NL+3kjBAqEvLmgPNRvTf/zcFAmn2egsACgkQmgPNRvTf
/zccqA//WObrrXCUO0QtRvSkxffEzOaUT+fTx3Ed7aJj4gJVSDhePyeMLE8K/mdv
uXfyWRrxy6SdZMv3+3f5GjdwRSyDGYL6mhoPoXIWsbUVcb73Br5m7jrATm9m0R5c
e/PetmjeorpOEIcrWSLCi/IbqJc8fwM+b6m5/0kIrVhIACAk3ut4H7VQWaYpLydm
J3MkTmRc/g+6sc/zUqJz7YZWYK9pcJBSRnAa+sVED8vpGETW9mS0MMPi7PrM/5cp
JMDAIBQh2gR2nKLHxTD4Glxi/oY9QNpLuFaUMuRN499Aq7qKWPoSRDGkRdOiUAF5
7kMOhcE6KdGOYkSsIwckzeW0R9QoxuEP9ENqL1vtk+Hon/ksXmiDTzTelTDvwJ5u
sChi1tu+wVBY2dL/yLdiujpCtxFpGAWqHXWUrjL5WuMEjIrWHQejql6Ony9mf33i
brRzH/kUUnwo7PUvreZc/xn/rg9iog6LC4/LSkKJLPGjwmXCFxIvjYYz3sW2HLad
yM8VtKJ899qTZ2meuZR24OAdQKjsm0g1+RjP5o/iAAxczDSOdibJV/4UQ7nGmgP3
oZUqgetmGZgIinkVWrUGCp9EfPhxdq2Hw1jJKEG3NjjbrCUyT7o6ZXE4YPj9iB0Q
jJ3CCLllNcoHuNV9MBVQYuIYcOpTwQDkoTUqdEfvfb6iClSRb0M=
=RQ3a
-----END PGP SIGNATURE-----