Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
527b6b05 by Salvatore Bonaccorso at 2021-11-27T13:36:30+01:00
jupyterhub entered the archive

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10432,7 +10432,9 @@ CVE-2021-41249 (GraphQL Playground is a GraphQL IDE for 
development of graphQL f
 CVE-2021-41248 (GraphiQL is the reference implementation of this monorepo, 
GraphQL IDE ...)
        NOT-FOR-US: GraphiQL
 CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter 
notebooks.  ...)
-       NOT-FOR-US: JupyterHub
+       - jupyterhub <unfixed>
+       NOTE: 
https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7
+       NOTE: 
https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
 CVE-2021-41246
        RESERVED
 CVE-2021-41245
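Review bot: In the CVE-2021-41247 entry, the second added NOTE gives a bare upstream commit URL without saying what role that commit plays, and neither NOTE records which upstream release contains it. With the package marked "- jupyterhub <unfixed>", whoever triages this next has to open both links to learn whether the version that entered the archive is affected. Consider labelling the commit reference (for example "NOTE: Fixed by: " followed by the same URL) and adding the upstream version that first includes it, so the <unfixed> state can be resolved against the uploaded version directly from the entry.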
@@ -53064,7 +53066,8 @@ CVE-2021-23922 (An issue was discovered in Devolutions 
Remote Desktop Manager be
 CVE-2021-23921 (An issue was discovered in Devolutions Server before 2020.3. 
There is  ...)
        NOT-FOR-US: Devolutions Server
 CVE-2020-36191 (JupyterHub 1.1.0 allows CSRF in the admin panel via a request 
that lac ...)
-       NOT-FOR-US: JupyterHub
+       - jupyterhub <unfixed>
+       NOTE: https://github.com/jupyterhub/jupyterhub/issues/3304
 CVE-2020-36190 (RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 
allows  ...)
        NOT-FOR-US: RailsAdmin
 CVE-2021-3134 (Mubu 2.2.1 allows local users to gain privileges to execute 
commands,  ...)
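Review bot: In the CVE-2020-36191 entry, the only reference added is the upstream issue link, while the CVE description names JupyterHub 1.1.0 specifically. The entry gives no indication whether the version now in the archive was checked against that issue, or whether a fix exists upstream. A follow-up NOTE stating what was verified, or a fix commit reference once one is identified, would make the "- jupyterhub <unfixed>" status actionable rather than a placeholder.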
@@ -172443,6 +172446,7 @@ CVE-2019-10256 (An authentication bypass 
vulnerability in VIVOTEK IPCam versions
 CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter 
Notebook be ...)
        - jupyter-notebook 5.7.8-1 (bug #925939)
        [stretch] - jupyter-notebook <no-dsa> (Intrusive to backport)
+       - jupyterhub <not-affected> (Fixed before initial upload to Debian)
        NOTE: 
https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb
        NOTE: 
https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b
        NOTE: When adressing this issue make sure to not open CVE-2019-10856 
and apply the
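Review bot: The added line "- jupyterhub <not-affected> (Fixed before initial upload to Debian)" in the CVE-2019-10255 entry is not backed by any jupyterhub reference: every NOTE visible in this entry points at jupyter/notebook commits. Since <not-affected> closes the issue for the package, it would help to add a NOTE with the jupyterhub upstream commit or release that carries the fix, so the claim can be verified from the entry without re-deriving it.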



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/527b6b056689964b4fa6b817ab788646c9147424
