-
jupyter-notebook (6.0.3-2ubuntu0.1) focal-security; urgency=medium
  * SECURITY UPDATE: Crafted link to login page redirects to malicious site
    (LP: #1982670)
    - debian/patches/CVE-2019-10856.patch: Handle empty netloc being
      interpreted as first path part being the netloc by buggy browsers.
    - CVE-2019-10856
  * SECURITY UPDATE: Crafted link to login page redirects to spoofed server
    (LP: #1982670)
    - debian/patches/CVE-2020-26215.patch: Validate redirect target in
      TrailingSlashHandler.
    - CVE-2020-26215
  * SECURITY UPDATE: Sensitive information disclosure leading to unauthorized
    access (LP: #1982670)
    - debian/patches/CVE-2022-24758.patch: Log only a non-sensitive subset of
      the headers when a HTTP 5xx error other than HTTP 502 is triggered.
    - CVE-2022-24758
  * SECURITY UPDATE: Access to hidden files or to files in hidden directories
    (LP: #1982670)
    - debian/patches/CVE-2022-29238-1.patch: Add checks for hidden file or path on
      file get.
    - debian/patches/CVE-2022-29238-2.patch: added hidden checks on
      FileContentsManager and accompanying tests.
    - debian/patches/CVE-2022-29238-3.patch: Added hidden checks on
      notebook/services/contents/handlers.py and accompanying tests.
    - debian/patches/CVE-2022-29238-4.patch: Update log message to mention
      hidden directories.
    - debian/patches/CVE-2022-29238-5.patch: Update error messages to not
      mention hidden files.
    - CVE-2022-29238
 -- Luís Infante da Câmara <email address hidden> Sun, 28 Aug 2022 23:08:58 +0100
-
jupyter-notebook (6.0.3-2) unstable; urgency=medium
  * Bump xterm.js dependency to pick up a bug fix, change the way these
    modules are loaded. Should actually fix the web terminal.
 -- Gordon Ball <email address hidden> Wed, 05 Feb 2020 11:56:03 +0000
-
jupyter-notebook (6.0.3-1) unstable; urgency=medium
  * New upstream version 6.0.3
  * d/control: update versioned python dependencies
  * d/control: update Standards-Version to 4.5.0
  * Refresh patches; drop 0001-Nodejs-binary-and-import-names.patch since
    node -> nodejs is no longer needed.
  * Re-enable the xtermjs-based web terminal, as node-xterm is available
    again (Closes: #935995, retires several related patches).
  * d/rules: Drop now-unneeded dh_auto_install override
  * Try and patch testsuite pythonpath issues
  * d/source/lintian-overrides: rename tag insane-line-length ->
    very-long-line-length
 -- Gordon Ball <email address hidden> Fri, 31 Jan 2020 10:32:37 +0000
-
jupyter-notebook (6.0.2-1) unstable; urgency=medium
  * New upstream version 6.0.2
  * d/control: update versioned dependencies on jupyter-{core,client}
 -- Gordon Ball <email address hidden> Wed, 01 Jan 2020 12:57:35 +0000
-
jupyter-notebook (6.0.0-2) unstable; urgency=medium
  * Remove postinst and postrm logic for handling merged notebook JSON config
    like /etc/jupyter/nbconfig/notebook in favour of dropping files in eg,
    /etc/jupyter/nbconfig/notebook.d/, which should be simpler and more
    robust. Accordingly, add breaks against the last version of ipywidgets
    which used the old mechanism.
  * Update build paths for node-react and version dependency after install
    location was moved.
  * Don't automatically enable the systemd user unit (Closes: #944743);
    incorrectly enabled instances for non-interactive users can be disabled
    with `systemctl --user --global disable jupyter-notebook`
 -- Gordon Ball <email address hidden> Mon, 16 Dec 2019 19:56:28 +0000
-
jupyter-notebook (6.0.0-1) unstable; urgency=medium
  [ Ondřej Nový ]
  * Use debhelper-compat instead of debian/compat.
  * Bump Standards-Version to 4.4.1.

  [ Gordon Ball ]
  * New upstream release 6.0.0
  * Stop building python-notebook, since upstream has ceased to support python
    2.7 as of this version (Closes: #936775).
  * Add a copy of create-react-class, a new JS dependency that has been
    discontinued upstream, and is hence probably not a good candidate for
    standalone packaging.
  * Rebuild UMD artifacts from node-react using webpack, since the available
    version does not appear to be usable in a script context.
  * Use debhelper compat level 12
 -- Gordon Ball <email address hidden> Fri, 01 Nov 2019 20:39:16 +0000
-
jupyter-notebook (5.7.8-1) unstable; urgency=medium
  * New upstream release 5.7.8
  * Fixes CVE-2019-9644 (Closes: #924515)
  * Fixes CVE-2019-10255 (Closes: #925939)
 -- Gordon Ball <email address hidden> Mon, 06 May 2019 18:12:38 +0000