Version in base suite: 6.13.0+repack-2+deb12u6 Version in overlay suite: 6.13.0+repack-2+deb12u8 Base version: calibre_6.13.0+repack-2+deb12u8 Target version: calibre_6.13.0+repack-2+deb12u9 Base file: /srv/ftp-master.debian.org/ftp/pool/main/c/calibre/calibre_6.13.0+repack-2+deb12u8.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/c/calibre/calibre_6.13.0+repack-2+deb12u9.dsc changelog | 7 + patches/0047-CVE-2026-33205-E-book-viewer-prevent-reading-backgro.patch | 37 ++++++++++ patches/series | 1 3 files changed, 45 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpwafinz3z/calibre_6.13.0+repack-2+deb12u8.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpwafinz3z/calibre_6.13.0+repack-2+deb12u9.dsc: no acceptable signature found
diff -Nru calibre-6.13.0+repack/debian/changelog calibre-6.13.0+repack/debian/changelog
--- calibre-6.13.0+repack/debian/changelog 2026-05-24 05:19:11.000000000 +0000
+++ calibre-6.13.0+repack/debian/changelog 2026-05-27 14:52:50.000000000 +0000
@@ -1,3 +1,10 @@
+calibre (6.13.0+repack-2+deb12u9) bookworm; urgency=medium
+
+ * CVE-2026-33205: E-book viewer: prevent reading background images from
+ outside the config dir
+
+ -- YOKOTA Hiroshi Wed, 27 May 2026 23:52:50 +0900
+
 calibre (6.13.0+repack-2+deb12u8) bookworm; urgency=medium
 
  * Add comment for unused fix
diff -Nru calibre-6.13.0+repack/debian/patches/0047-CVE-2026-33205-E-book-viewer-prevent-reading-backgro.patch calibre-6.13.0+repack/debian/patches/0047-CVE-2026-33205-E-book-viewer-prevent-reading-backgro.patch
--- calibre-6.13.0+repack/debian/patches/0047-CVE-2026-33205-E-book-viewer-prevent-reading-backgro.patch 1970-01-01 00:00:00.000000000 +0000
+++ calibre-6.13.0+repack/debian/patches/0047-CVE-2026-33205-E-book-viewer-prevent-reading-backgro.patch 2026-05-27 14:52:50.000000000 +0000
@@ -0,0 +1,37 @@
+From: Kovid Goyal
+Date: Mon, 16 Mar 2026 08:50:19 +0530
+Subject: CVE-2026-33205: E-book viewer: prevent reading background images
+ from outside the config dir
+
+Forwarded: not-needed
+Bug: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-4926-v9px-wv7v
+Origin: https://github.com/kovidgoyal/calibre/commit/6eb7b5458f183c8a037e9d7dac428122a77204e4
+
+Signed-off-by: YOKOTA Hiroshi
+---
+ src/calibre/gui2/viewer/web_view.py | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/calibre/gui2/viewer/web_view.py b/src/calibre/gui2/viewer/web_view.py
+index fc077f1..0ea687c 100644
+--- a/src/calibre/gui2/viewer/web_view.py
++++ b/src/calibre/gui2/viewer/web_view.py
+@@ -80,13 +80,16 @@ def get_data(name):
+ def background_image():
+ ans = getattr(background_image, 'ans', None)
+ if ans is None:
+- img_path = os.path.join(viewer_config_dir, 'bg-image.data')
++ base = os.path.abspath(viewer_config_dir) + os.sep
++ img_path = os.path.abspath(os.path.join(base, 'bg-image.data'))
++ if not img_path.startswith(base):
++ return 'image/jpeg', b''
+ if os.path.exists(img_path):
+ with open(img_path, 'rb') as f:
+ data = f.read()
+ mt, data = data.split(b'|', 1)
+ else:
+- ans = b'image/jpeg', b''
++ return 'image/jpeg', b''
+ ans = background_image.ans = mt.decode('utf-8'), data
+ return ans
+ 
diff -Nru calibre-6.13.0+repack/debian/patches/series calibre-6.13.0+repack/debian/patches/series
--- calibre-6.13.0+repack/debian/patches/series 2026-05-24 05:19:11.000000000 +0000
+++ calibre-6.13.0+repack/debian/patches/series 2026-05-27 14:52:50.000000000 +0000
@@ -44,3 +44,4 @@
 0044-Fix-security-vulnerabilities-and-code-quality-issues.patch
 0045-CVE-2026-30853-RB-Input-Ensure-files-are-extracted-w.patch
 0046-CVE-2026-33206-TXT-Input-Ensure-resource-files-are-r.patch
+0047-CVE-2026-33205-E-book-viewer-prevent-reading-backgro.patch
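Review bot: The containment guard in the nested `web_view.py` hunk for `background_image()` cannot reject anything as backported here, because the only component joined onto `base` is the literal `'bg-image.data'`, so `img_path.startswith(base)` holds whenever `viewer_config_dir` is an ordinary path; if the fix relies on `viewer_config_dir` itself being attacker-influenced, or on a related upstream change not included in this patch, the patch header should say so. `os.path.abspath` also normalizes only lexically and does not resolve symlinks, so a `bg-image.data` that is a link to a file outside the config dir still satisfies the check; `base = os.path.realpath(viewer_config_dir) + os.sep` together with `img_path = os.path.realpath(os.path.join(base, 'bg-image.data'))` would make the containment test hold for the file actually opened. The two new `return 'image/jpeg', b''` paths skip the `background_image.ans` cache, so the existence check repeats on every call until an image is configured, which is presumably intended but deserves a one-line comment such as `# not cached: re-check until an image is written`.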