Public bug reported: ipython 0.12 in precise is affected by CVE-2014-3429 which allows remote execution of code if one has knowledge of the kernel id (uuid)
the version in lucid and trusty are not affected See this page for details of the issue: http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython ** Affects: ipython (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: ipython (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: ipython (Ubuntu) Status: New => Fix Released ** Also affects: ipython (Ubuntu Precise) Importance: Undecided Status: New ** Description changed: ipython 0.12 in precise is affected by CVE-2014-3429 which allows remote execution of code if one has knowledge of the kernel id (uuid) + the version in lucid and trusty are not affected + See this page for details of the issue: http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-3429 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1344854 Title: CVE-2014-3429: remote execution via cross origin websocket To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipython/+bug/1344854/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
