-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 01 Mar 2026 16:11:43 +0900 Source: calibre Binary: calibre-bin calibre-bin-dbgsym Architecture: i386 Version: 8.5.0+ds-1+deb13u2 Distribution: trixie Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) Changed-By: YOKOTA Hiroshi Description: calibre-bin - powerful and easy to use e-book manager (binary plugins) Changes: calibre (8.5.0+ds-1+deb13u2) trixie; urgency=medium . * CVE-2026-25635: CHM Input: Ignore internal files that have paths that end up outside the container * CVE-2026-25636: DRYer * CVE-2026-25731: ZIP Output: Change the template engine used for HTML templating from templite to Mustache, for greater safety and performance. Note that this is a breaking change if you use custom templates with ZIP output. * Use pystache instead of templite to fix CVE-2026-25731 * Add NEWS about CVE-2026-25731 fix * CVE-2026-26064: ODT Input: Ensure images are extracted within container * CVE-2026-26065: PDB Input: Ensure extracted images are within the container * CVE-2026-27810: Content server: Sanitize content disposition received as query parameter * CVE-2026-27824: Content server: When banning IPs for repeated login is enabled, only use the IP address not any HTTP headers as the ban key Checksums-Sha1: 46ab653d621f5cb8e8bfb62c0fa3c0d0a275933d 4825948 calibre-bin-dbgsym_8.5.0+ds-1+deb13u2_i386.deb 3798157d38a9822bab0a355d69f8803ec19419fc 843900 calibre-bin_8.5.0+ds-1+deb13u2_i386.deb 18054892e662a03fce93d5def107de5b7a90e84d 24127 calibre_8.5.0+ds-1+deb13u2_i386-buildd.buildinfo Checksums-Sha256: e7ea3af5dbe31ddb60702943a1c0a43bd31351bf334ca15c5b39f93708bc2134 4825948 calibre-bin-dbgsym_8.5.0+ds-1+deb13u2_i386.deb 6487a84cfb47cfa5a96d9268b9ece15747388bfdced0f3bf2421986dfd842794 843900 calibre-bin_8.5.0+ds-1+deb13u2_i386.deb fba3b22e425e6a02a0cc9890e2382a99be5858bf031f0b3759235164e412c4b1 24127 calibre_8.5.0+ds-1+deb13u2_i386-buildd.buildinfo Files: c8c4b41c809d2a4ebbca861ef0f79082 4825948 debug optional calibre-bin-dbgsym_8.5.0+ds-1+deb13u2_i386.deb 4ea7e18105b84b500619f33acd944ed7 843900 text optional calibre-bin_8.5.0+ds-1+deb13u2_i386.deb b0f2691563bd72a157c85e6609257395 24127 text optional calibre_8.5.0+ds-1+deb13u2_i386-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE+i/sCsF3puL4e7qIGNGWmfrqILEFAmn2fEkACgkQGNGWmfrq ILE3CxAAsA+Pj+TOTR8CZ7VKhl1bvQBCHIRkYi6GI/qmAwO52Tld3eyqd+LW3oHt Ww7y1jEjzEjlUHiqSCHqoceR1e3BRVsck15f6j1B4wr0RvqGnnBUbe8NcWGzvAtY 3vqtQtTUhL8V2VsC4K8HRPTRRiPdjCxlVOAI5VlwIuAscXn8Zg1Jz5QXLIPmlYbQ 83S9OvWmuFYl4eEql4kN4tFke0LYgRUbkAStGjc/otS6Eio8rNj2dNr7IdajIAcV /W2as+rgEcXwheFrmWPYemE7JJREVcIh7cZlkgfwhNYGkbRsbKgw6pLqzLFK1TBY SzUhF1H0y0JND+9+/BKY3Tf4y6v0hsEwVgPh67GkQnSfbFCmkYqARxA0wfyTNXJg XVVa/rfsc8Tz+F6zWJkx3KUr4iH/u4OyfpPLcqM3wAxmokHXsksXa+N0pkG6KKCv kSAbL6T3D6nAVv/vpQBCo8f0Eq6Tuy9hEyEb+FQzo6hlJU5kq27KtfuYaQZHDT/K zxE7HA1i0Y0TyS1slYB//m0CqOBQ6NJ0oiRJsEaSnmQewfw0ORmGxOFtv2FrWglf j7pQ7CUYrtOhgiw7DZZGEKyRLsKRQmJnRmiDxxhlMmP5LDMOCQEk2YNJanzd8hKG YMmm21R+ABAoJARkbzrGBnoFnKPmclLZ8AtuDSUVQ9LaFBvDFEw= =St3x -----END PGP SIGNATURE-----