Thursday, August 1, 2019

[USN-4085-1] Sigil vulnerability

==========================================================================
Ubuntu Security Notice USN-4085-1
August 01, 2019

Sigil vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Sigil could be made to overwrite files.

Software Description:
- sigil: multi-platform ebook editor

Details:

Mike Salvatore discovered that Sigil mishandled certain malformed EPUB
files. An attacker could use this vulnerability to write arbitrary files to
the filesystem.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
sigil 0.9.13+dfsg-1ubuntu0.1
sigil-data 0.9.13+dfsg-1ubuntu0.1

Ubuntu 18.04 LTS:
sigil 0.9.9+dfsg-1ubuntu0.1~esm1
sigil-data 0.9.9+dfsg-1ubuntu0.1~esm1

Ubuntu 16.04 LTS:
sigil 0.9.5+dfsg-0ubuntu1+esm1
sigil-data 0.9.5+dfsg-0ubuntu1+esm1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4085-1
CVE-2019-14452

Package Information:
https://launchpad.net/ubuntu/+source/sigil/0.9.13+dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/sigil/0.9.9+dfsg-1ubuntu0.1~esm1
https://launchpad.net/ubuntu/+source/sigil/0.9.5+dfsg-0ubuntu1+esm1
