-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 01 Mar 2026 16:11:43 +0900 Source: calibre Binary: calibre-bin calibre-bin-dbgsym Architecture: amd64 Version: 8.5.0+ds-1+deb13u2 Distribution: trixie Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: YOKOTA Hiroshi Description: calibre-bin - powerful and easy to use e-book manager (binary plugins) Changes: calibre (8.5.0+ds-1+deb13u2) trixie; urgency=medium . * CVE-2026-25635: CHM Input: Ignore internal files that have paths that end up outside the container * CVE-2026-25636: DRYer * CVE-2026-25731: ZIP Output: Change the template engine used for HTML templating from templite to Mustache, for greater safety and performance. Note that this is a breaking change if you use custom templates with ZIP output. * Use pystache instead of templite to fix CVE-2026-25731 * Add NEWS about CVE-2026-25731 fix * CVE-2026-26064: ODT Input: Ensure images are extracted within container * CVE-2026-26065: PDB Input: Ensure extracted images are within the container * CVE-2026-27810: Content server: Sanitize content disposition received as query parameter * CVE-2026-27824: Content server: When banning IPs for repeated login is enabled, only use the IP address not any HTTP headers as the ban key Checksums-Sha1: 80eee7dea41346f8843aed1f96af5537e8879262 4984652 calibre-bin-dbgsym_8.5.0+ds-1+deb13u2_amd64.deb 04b6bb33025b34cb897d859c1936d21d7f90aaf0 901896 calibre-bin_8.5.0+ds-1+deb13u2_amd64.deb 1926cb97a6f9705fd6ea4b146b4a40bca70644f1 24235 calibre_8.5.0+ds-1+deb13u2_amd64-buildd.buildinfo Checksums-Sha256: 5e3d72a50885083d4678b3d2780acec9bb5d31bbcef2ad2e6b5bed24d572e328 4984652 calibre-bin-dbgsym_8.5.0+ds-1+deb13u2_amd64.deb 8498832c2a5b14c11cfa00709bc53df8a3d5951b3559db9294dda44e087c9e4f 901896 calibre-bin_8.5.0+ds-1+deb13u2_amd64.deb 943e91f9d851acaf2946fb3e641638615a617f0607d9a5d85c1064555b580f37 24235 calibre_8.5.0+ds-1+deb13u2_amd64-buildd.buildinfo Files: 0390f088312de2da095b1b8de83fc0b5 4984652 debug optional calibre-bin-dbgsym_8.5.0+ds-1+deb13u2_amd64.deb d9d61aa9ca4e014c56cc7c7db612821b 901896 text optional calibre-bin_8.5.0+ds-1+deb13u2_amd64.deb 012663540c26e333194d4d1838d2c260 24235 text optional calibre_8.5.0+ds-1+deb13u2_amd64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7cQ9mRD4+dWjjrb6PkCWRKsh20cFAmn2ewEACgkQPkCWRKsh 20dbohAAux+KH7ESQKslqC27V5H+FTovcUsGieTjIPEsZA5MAotyQZsddv2gZyRA T6xpHQb1oWNcPFT6QaD2/JMgca6DkT0oijK/qAICxrHaG5atZF4XuEt+7QnPIQOM 9NZXFJ8t0VoNzQvItFiL3/E1nUcaTSF4k9Dc/LS0VK/x0ZRHr1lRgNflPH0JAgvL NJd1Oyy6DUCdPCotywlDSDliMapVTBdjqunSdOo6FiAIVmFKcSC/bSIQ6IxAfGRg k9qHqdNwikq+TQqyoTh2ZweZlzUj3NaTDseQaJTqIxbTdvjwKIfFeBpegnwJaWyf n98AtrjS5VZbt5z4/YbTzewalmh213ny+gaP+52Q6eTzribSIv4bYZiWKw3326qN MuK3XO5dM5I27GQeJkH9HhoG3YhVuW/10TRvNnQdIFHQ9XnoBiMSUGUkkOYeBRvO 4XOrILiGc8LCdHDaWwB/qg9QkGJmScyg1QzkQZ+aEiczVKcTYVTu2FDLRVV0zVhH RW2FCrlMGLBD5q3nMhvBOJUgut8A9t5h+H1Hf+xOAJRdeeIc5g6NvNVM7JBBRBE4 GvPzX2bL40y4yPomhIxYnw3EH3QTwM4khskQ1mwvLtwr3WxZDAXcRSLMOtQ42yPl G/hHX2S/bBd2ty9IHDUEqO7vKYVSyBNI2HywexggkHL30R+BViE= =K9pw -----END PGP SIGNATURE-----