Description of problem: Calibre enable cross-site scripting. the bug is corrected in the last version
need to backport python3-xxhash
Thank you for the report. Do we understand that Calibre should NOT allow XSS ? (In reply to Daniel Tartavel from comment #0) > the bug is corrected in the last version This current M9 version 6.17.0 is 16m old, and there have been many version updates in Cauldron since: first to 6.29.0, then from 7.1.0 to 7.17.0. What do you mean by "last version"? Can you say the first version which fixed the problem? As for python[3]-xxhash, we do not have this in M9, but as you imply, do for M10; hence the need to backport it to M9. Presuming it became a new 'requires' for calibre. I am away for several days, so assigning this directly to Stig who handles this package. And imported python-xxhash.
Assignee: bugsquad => smelror
hi, the last version in mageia 7.17.0 correct the problem.
Hi, Maybe this bug report talks about CVE-2024-7008. Bug 33535 also includes CVE-2024-6781, CVE-2024-6782 and CVE-2024-7009. Best regards, Nico.
CC: (none) => nicolas.salguero
Duplicate of bug 33535. *** This bug has been marked as a duplicate of bug 33535 ***
Status: NEW => RESOLVEDResolution: (none) => DUPLICATE