Ubuntu
jupyter-notebook package

jupyter-notebook 5.2.2-1ubuntu0.1 source package in Ubuntu

Changelog

jupyter-notebook (5.2.2-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Cross-site scripting via untrusted notebook (LP: #1982670)
    - debian/patches/CVE-2018-19351.patch: Apply CSP sandboxing to nbconvert
      responses.
    - CVE-2018-19351
  * SECURITY UPDATE: Cross-site inclusion on malicious pages (LP: #1982670)
    - debian/patches/CVE-2019-9644-1.patch: Block cross-origin GET and HEAD
      requests with mismatched Referer.
    - debian/patches/CVE-2019-9644-2.patch: Add CSRF checks on files endpoints.
    - debian/patches/CVE-2019-9644-3.patch: Set X-Content-Type-Options: nosniff
      on all handlers for protecting non-script resources.
    - CVE-2019-9644
  * SECURITY UPDATE: Crafted link to login page redirects to malicious site
    (LP: #1982670)
    - debian/patches/CVE-2019-10255-1.patch: Parse URLs when validating redirect
      targets.
    - debian/patches/CVE-2019-10255-2.patch: Protect against Chrome mishandling
      backslashes as slashes in URLs.
    - debian/patches/CVE-2019-10255-3.patch: Handle empty netloc being
      interpreted as first path part being the netloc by buggy browsers.
    - CVE-2019-10255, CVE-2019-10856
  * SECURITY UPDATE: Cross-site scripting (LP: #1982670)
    - debian/patches/CVE-2018-21030-1.patch: Use CSP header to treat served
      files as belonging to a separate origin.
    - debian/patches/CVE-2018-21030-2.patch: Add a content_security_policy
      property instead of the CSP header.
    - CVE-2018-21030
  * SECURITY UPDATE: Crafted link to login page redirects to spoofed server
    (LP: #1982670)
    - debian/patches/CVE-2020-26215.patch: Validate redirect target in
      TrailingSlashHandler.
    - CVE-2020-26215
  * SECURITY UPDATE: Sensitive information disclosure leading to unauthorized
    access (LP: #1982670)
    - debian/patches/CVE-2022-24758.patch: Log only a non-sensitive subset of
      the headers when a HTTP 5xx error other than HTTP 502 is triggered.
    - CVE-2022-24758
  * Address Lintian warnings.

 -- Luís Infante da Câmara <email address hidden>  Sun, 28 Aug 2022 23:00:01 +0100

Upload details

Uploaded by:
Luís Infante da Câmara
Sponsored by:
Nishit Majithia
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
python
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates universe misc
Bionic security universe misc

Builds

Bionic: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
jupyter-notebook_5.2.2.orig.tar.gz 5.4 MiB 22f9a6cf5212805e9818bcb2ed4a18a7ab654cbeae1a411f49a8c356b358e5c5
jupyter-notebook_5.2.2-1ubuntu0.1.debian.tar.xz 54.2 KiB 64d18e0ffc83a07591ad2ae3632a757309e8aede27d7f0f9ac8a02991c2fc148
jupyter-notebook_5.2.2-1ubuntu0.1.dsc 3.7 KiB d6f608337285affc2db979bb2b2613a93b28777ab5e0c263baf89a5701cc80de

View changes file

Binary packages built by this source

jupyter-notebook: Jupyter interactive notebook

 The Jupyter Notebook is a web application that allows you to create and
 share documents that contain live code, equations, visualizations, and
 explanatory text. The Notebook has support for multiple programming
 languages, sharing, and interactive widgets.
 .
 This package provides the jupyter subcommands "notebook", "nbextension",
 "serverextension" and "bundlerextension".

python-notebook: Jupyter interactive notebook (Python 2)

 The Jupyter Notebook is a web application that allows you to create and
 share documents that contain live code, equations, visualizations, and
 explanatory text. The Notebook has support for multiple programming
 languages, sharing, and interactive widgets.
 .
 This package contains the Python 2 library.
 .
 This package is not required to run Python 2 code in the notebook, only to
 allow Python 2 code to interact directly with the notebook server.

python-notebook-doc: Jupyter interactive notebook (documentation)

 The Jupyter Notebook is a web application that allows you to create and
 share documents that contain live code, equations, visualizations, and
 explanatory text. The Notebook has support for multiple programming
 languages, sharing, and interactive widgets.
 .
 This package contains the documentation.

python3-notebook: Jupyter interactive notebook (Python 3)

 The Jupyter Notebook is a web application that allows you to create and
 share documents that contain live code, equations, visualizations, and
 explanatory text. The Notebook has support for multiple programming
 languages, sharing, and interactive widgets.
 .
 This package contains the Python 3 library.