-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 01 Mar 2026 16:14:12 +0900 Source: calibre Architecture: source Version: 6.13.0+repack-2+deb12u6 Distribution: bookworm Urgency: medium Maintainer: Calibre maintainer team Changed-By: YOKOTA Hiroshi Changes: calibre (6.13.0+repack-2+deb12u6) bookworm; urgency=medium . * CVE-2026-25635: CHM Input: Ignore internal files that have paths that end up outside the container * CVE-2026-25636: DRYer * CVE-2026-25731: ZIP Output: Change the template engine used for HTML templating from templite to Mustache, for greater safety and performance. Note that this is a breaking change if you use custom templates with ZIP output. * Use pystache instead of templite to fix CVE-2026-25731 * Add NEWS about CVE-2026-25731 fix * CVE-2026-26064: ODT Input: Ensure images are extracted within container * CVE-2026-26065: PDB Input: Ensure extracted images are within the container * CVE-2026-27810: Content server: Sanitize content disposition received as query parameter * CVE-2026-27824: Content server: When banning IPs for repeated login is enabled, only use the IP address not any HTTP headers as the ban key Checksums-Sha1: 64fbdf69b4c1a781d414d27087045d616b4aa67b 4418 calibre_6.13.0+repack-2+deb12u6.dsc bb52fd3691ab2448f5e436673839caac569acf5c 131328 calibre_6.13.0+repack-2+deb12u6.debian.tar.xz c20d650763ae45a8f6b5f2455dc8dd115abdc709 17777 calibre_6.13.0+repack-2+deb12u6_source.buildinfo Checksums-Sha256: c4caad5d090292f695a1e2b216645f0336e3373ac3ec7a28560a2e7d329071f6 4418 calibre_6.13.0+repack-2+deb12u6.dsc c1e9180cc128cea9a96531410e5daca754560e96affe40e29f7494868e9f8186 131328 calibre_6.13.0+repack-2+deb12u6.debian.tar.xz b7807270b1a6fb36c8b1808e747e8d4704f94546909277fed12da3ab1737a350 17777 calibre_6.13.0+repack-2+deb12u6_source.buildinfo Files: 58f4f651ca46eeac0e6c9a49419f385d 4418 text optional calibre_6.13.0+repack-2+deb12u6.dsc 19c2470d43ab0f0d753f8431b4ab3b46 131328 text optional calibre_6.13.0+repack-2+deb12u6.debian.tar.xz 97bf0e8c83eae8a38dade1890b2f6ef1 17777 text optional calibre_6.13.0+repack-2+deb12u6_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJKBAEBCgA0FiEErjlfKHqxT11VFyPEqem2T5LebcoFAmnSew0WHHlva290YS5o Z21sQGdtYWlsLmNvbQAKCRCp6bZPkt5tyu5iEAC9tu9mP3zerG2/MLw/POVbPaip UkexsZyXPLhBwgp7Xfj4GgNNhMoZ26IrdepOlqJn2C126g4PEBw2iaZtwKSH5v4F c/83A3v7mh8dDEhNF6d+ILnNbY8TEUa3iAGE0wyRk6uhd9/9h52eD880aezEkj0h aV4AJvkJaL03g1HXODMjTzscgS+NExTwjf7sm5QzbM3hcGDp+cxBgRa8Iw+DZdfk JHXEZHn874Mtr0aoi6T4EDDBN1hSLPds10lDm/aZqx9Dxnzzqhwh9OixcuaStslb J8FtMxY9Y+L9TLa3ADLLYal1T+W4Vez10bUt2thQX7ekpCx+oonOzZ4BtIdqJMsU Jqei945zfPfHvyougXJwNzjUEgb4iaIvYM4511X6R1gj2fY41cJl3mXLcs7NzZqR mkH5f2waHHsYRjqKOYvoKITbRt/CrF8VYTTtGGvgup72idsKV1WgH5XjFHesZ7FD ZxihRhiXxPW0NeszUOyafOyTsvwKbGgqiA/lLDOTBP97EziHby0knbSql3cSCB0J +x4baqPrrXM9B2Jb75V0oETcljD/qnQeCi/PPJbcL1b4jZ5X/ATYtYCL7qwLctNw QdhcWxekmRaBkFkzCnkP2BBDN2fVao8ovBwe6BWsfYlnGWlqKwsFKSWELYs/Oivv JF9wTO+bpgvrdRkwRw== =DKEE -----END PGP SIGNATURE-----