Version in base suite: 8.5.0+ds-1
Base version: calibre_8.5.0+ds-1
Target version: calibre_8.5.0+ds-1+deb13u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/c/calibre/calibre_8.5.0+ds-1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/c/calibre/calibre_8.5.0+ds-1+deb13u1.dsc
changelog | 6 ++++++
patches/series | 1 +
patches/upstream/0082-Fix-CVE-2025-64486.patch | 23 +++++++++++++++++++++++
3 files changed, 30 insertions(+)
diff -Nru calibre-8.5.0+ds/debian/changelog calibre-8.5.0+ds/debian/changelog
--- calibre-8.5.0+ds/debian/changelog 2025-06-20 11:06:53.000000000 +0000
+++ calibre-8.5.0+ds/debian/changelog 2025-11-09 07:06:24.000000000 +0000
@@ -1,3 +1,9 @@
+calibre (8.5.0+ds-1+deb13u1) trixie; urgency=medium
+
+ * Fix CVE-2025-64486
+
+ -- YOKOTA Hiroshi Sun, 09 Nov 2025 16:06:24 +0900
+
 calibre (8.5.0+ds-1) unstable; urgency=medium
 
 * New upstream version 8.5.0+ds
diff -Nru calibre-8.5.0+ds/debian/patches/series calibre-8.5.0+ds/debian/patches/series
--- calibre-8.5.0+ds/debian/patches/series 2025-06-20 11:02:05.000000000 +0000
+++ calibre-8.5.0+ds/debian/patches/series 2025-11-09 07:06:24.000000000 +0000
@@ -79,3 +79,4 @@
 pykakasi/0079-Revert-More-work-on-de-vendoring-pykakasi.patch
 pykakasi/0080-Revert-Fix-a-regression-that-caused-incorrect-Englis.patch
 0081-Revert-Update-7zip-wrapper-code-for-removal-of-read-.patch
+upstream/0082-Fix-CVE-2025-64486.patch
diff -Nru calibre-8.5.0+ds/debian/patches/upstream/0082-Fix-CVE-2025-64486.patch calibre-8.5.0+ds/debian/patches/upstream/0082-Fix-CVE-2025-64486.patch
--- calibre-8.5.0+ds/debian/patches/upstream/0082-Fix-CVE-2025-64486.patch 1970-01-01 00:00:00.000000000 +0000
+++ calibre-8.5.0+ds/debian/patches/upstream/0082-Fix-CVE-2025-64486.patch 2025-11-09 07:06:24.000000000 +0000
@@ -0,0 +1,23 @@
+From: Kovid Goyal
+Date: Thu, 6 Nov 2025 09:36:53 +0530
+Subject: Fix CVE-2025-64486
+
+Bug: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-hpwq-c98h-xp8g
+Origin: https://github.com/kovidgoyal/calibre/commit/6f94bce214bf7d43c829804db3741afa5e83c0c5
+---
+ src/calibre/ebooks/conversion/plugins/fb2_input.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/calibre/ebooks/conversion/plugins/fb2_input.py b/src/calibre/ebooks/conversion/plugins/fb2_input.py
+index aeb6a39..e649bb0 100644
+--- a/src/calibre/ebooks/conversion/plugins/fb2_input.py
++++ b/src/calibre/ebooks/conversion/plugins/fb2_input.py
+@@ -169,7 +169,7 @@ class FB2Input(InputFormatPlugin):
+ from calibre.ebooks.fb2 import base64_decode
+ self.binary_map = {}
+ for elem in doc.xpath('./*'):
+- if elem.text and 'binary' in elem.tag and 'id' in elem.attrib:
++ if elem.text and 'binary' in elem.tag and elem.get('id', ''):
+ ct = elem.get('content-type', '')
+ fname = elem.attrib['id']
+ ext = ct.rpartition('/')[-1].lower()
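Review bot: In the embedded fb2_input.py hunk, `fname = elem.attrib['id']` still takes the name verbatim from the document's `id` attribute, and `ext` comes from the document's `content-type`; the changed guard only rejects a missing or empty id. The loop body continues outside the hunk, so I cannot see whether `fname` is normalised before use. If it reaches a file-system call unchanged, it should first be reduced to a bare file name, for example `fname = os.path.basename(elem.attrib['id'])` with a `continue` when the result is empty (assuming `os` is available in this module). The patch header carries only the CVE id and two links, so a one-line description such as `Skip FB2 binary elements whose id attribute is empty` would help whoever audits this stable update later. It is also worth confirming that this one-line backport covers everything in the upstream commit named in `Origin:`.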