Your message dated Mon, 06 May 2019 18:48:52 +0000
with message-id <[email protected]>
and subject line Bug#924515: fixed in jupyter-notebook 5.7.8-1
has caused the Debian Bug report #924515,
regarding jupyter-notebook: CVE-2019-9644
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
924515: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924515
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: jupyter-notebook
Version: 5.7.4-2
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for jupyter-notebook.

CVE-2019-9644[0]:
| An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before
| 5.7.6 allows inclusion of resources on malicious pages when visited by
| users who are authenticated with a Jupyter server. Access to the
| content of resources has been demonstrated with Internet Explorer
| through capturing of error messages, though not reproduced with other
| browsers. This occurs because Internet Explorer's error messages can
| include the content of any invalid JavaScript that was encountered.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-9644
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9644
[1] https://github.com/jupyter/notebook/compare/f3f00df...05aa4b2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: jupyter-notebook
Source-Version: 5.7.8-1

We believe that the bug you reported is fixed in the latest version of
jupyter-notebook, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gordon Ball <[email protected]> (supplier of updated jupyter-notebook 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Mon, 06 May 2019 18:12:38 +0000
Source: jupyter-notebook
Binary: jupyter-notebook python-notebook python-notebook-doc python3-notebook
Architecture: source all
Version: 5.7.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team <[email protected]>
Changed-By: Gordon Ball <[email protected]>
Description:
 jupyter-notebook - Jupyter interactive notebook
 python-notebook - Jupyter interactive notebook (Python 2)
 python-notebook-doc - Jupyter interactive notebook (documentation)
 python3-notebook - Jupyter interactive notebook (Python 3)
Closes: 924515 925939
Changes:
 jupyter-notebook (5.7.8-1) unstable; urgency=medium
 .
   * New upstream release 5.7.8
   * Fixes CVE-2019-9644 (Closes: #924515)
   * Fixes CVE-2019-10255 (Closes: #925939)

--- End Message ---