jupyter-notebook 6.0.3-2ubuntu0.1 source package in Ubuntu

Changelog

jupyter-notebook (6.0.3-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Crafted link to login page redirects to malicious site
    (LP: #1982670)
    - debian/patches/CVE-2019-10856.patch: Handle empty netloc being
      interpreted as first path part being the netloc by buggy browsers.
    - CVE-2019-10856
  * SECURITY UPDATE: Crafted link to login page redirects to spoofed server
    (LP: #1982670)
    - debian/patches/CVE-2020-26215.patch: Validate redirect target in
      TrailingSlashHandler.
    - CVE-2020-26215
  * SECURITY UPDATE: Sensitive information disclosure leading to unauthorized
    access (LP: #1982670)
    - debian/patches/CVE-2022-24758.patch: Log only a non-sensitive subset of
      the headers when a HTTP 5xx error other than HTTP 502 is triggered.
    - CVE-2022-24758
  * SECURITY UPDATE: Access to hidden files or to files in hidden directories
    (LP: #1982670)
    - debian/patches/CVE-2022-29238-1.patch: Add checks for hidden file or path on
      file get.
    - debian/patches/CVE-2022-29238-2.patch: added hidden checks on
      FileContentsManager and accompanying tests.
    - debian/patches/CVE-2022-29238-3.patch: Added hidden checks on
      notebook/services/contents/handlers.py and accompanying tests.
    - debian/patches/CVE-2022-29238-4.patch: Update log message to mention
      hidden directories.
    - debian/patches/CVE-2022-29238-5.patch: Update error messages to not
      mention hidden files.
    - CVE-2022-29238

 -- Luís Infante da Câmara <email address hidden>  Sun, 28 Aug 2022 23:08:58 +0100

Upload details

Uploaded by:
Luís Infante da Câmara
Sponsored by:
Nishit Majithia
Uploaded to:
Focal
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
python
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Focal updates universe misc
Focal security universe misc

Builds

Focal: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
jupyter-notebook_6.0.3.orig.tar.gz 6.1 MiB d2628730fd7bf542d88dbee7e8a469e52782471ba60840356419c6691f3abdad
jupyter-notebook_6.0.3-2ubuntu0.1.debian.tar.xz 63.1 KiB 8a152c6a80c475eb070d5464cf6f5c16d60a2e10eaf93cf8b7e991a09f5dd795
jupyter-notebook_6.0.3-2ubuntu0.1.dsc 3.4 KiB b5e2ef0631eb922ae6ca198f634067bf6609fb99b8b65d5ef8d9b9ddfc8b12d7

View changes file

Binary packages built by this source

jupyter-notebook: Jupyter interactive notebook

 The Jupyter Notebook is a web application that allows you to create and
 share documents that contain live code, equations, visualizations, and
 explanatory text. The Notebook has support for multiple programming
 languages, sharing, and interactive widgets.
 .
 This package provides the jupyter subcommands "notebook", "nbextension",
 "serverextension" and "bundlerextension".

python-notebook-doc: Jupyter interactive notebook (documentation)

 The Jupyter Notebook is a web application that allows you to create and
 share documents that contain live code, equations, visualizations, and
 explanatory text. The Notebook has support for multiple programming
 languages, sharing, and interactive widgets.
 .
 This package contains the documentation.

python3-notebook: Jupyter interactive notebook (Python 3)

 The Jupyter Notebook is a web application that allows you to create and
 share documents that contain live code, equations, visualizations, and
 explanatory text. The Notebook has support for multiple programming
 languages, sharing, and interactive widgets.
 .
 This package contains the Python 3 library.