Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3892e3d4 by Abhijith PA at 2020-11-02T12:27:47+05:30 Marked CVE-2018-19352 as not-affected. Vulnerable code introduced after 4.2.3 (stretch version). See commit https://github.com/jupyter/notebook/commit/9ce534c020da37e6c8367884133eece5efc9ca82 Remove no-dsa tag for CVE-2018-8768 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -125418,6 +125418,7 @@ CVE-2018-19353 (The ansilove_ansi function in loaders/ansi.c in libansilove 1.0. NOT-FOR-US: libansilove CVE-2018-19352 (Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name ...) - jupyter-notebook 5.7.4-1 (bug #917408) + [stretch] - jupyter-notebook <not-affected> (Vulnerable code not present) NOTE: https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648 CVE-2018-19351 (Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook bec ...) - jupyter-notebook 5.7.4-1 (bug #917409) @@ -154186,7 +154187,6 @@ CVE-2017-18239 (A time-sensitive equality check on the JWT signature in the Json NOT-FOR-US: authentikat-jwt CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook file c ...) - jupyter-notebook 5.4.1-1 (bug #893436) - [stretch] - jupyter-notebook <no-dsa> (Minor issue) - ipython 5.1.0-2 [jessie] - ipython <no-dsa> (Minor issue) [wheezy] - ipython <ignored> (Too invasive to fix) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3892e3d41ad137d12c43eeaf1d23579702e4ca5e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3892e3d41ad137d12c43eeaf1d23579702e4ca5e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
