[ubuntu/bionic-updates] jupyter-notebook 5.2.2-1ubuntu0.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Aug 30 10:28:13 UTC 2022
jupyter-notebook (5.2.2-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Cross-site scripting via untrusted notebook (LP: #1982670)
    - debian/patches/CVE-2018-19351.patch: Apply CSP sandboxing to nbconvert
      responses.
    - CVE-2018-19351
  * SECURITY UPDATE: Cross-site inclusion on malicious pages (LP: #1982670)
    - debian/patches/CVE-2019-9644-1.patch: Block cross-origin GET and HEAD
      requests with mismatched Referer.
    - debian/patches/CVE-2019-9644-2.patch: Add CSRF checks on files endpoints.
    - debian/patches/CVE-2019-9644-3.patch: Set X-Content-Type-Options: nosniff
      on all handlers for protecting non-script resources.
    - CVE-2019-9644
  * SECURITY UPDATE: Crafted link to login page redirects to malicious site
    (LP: #1982670)
    - debian/patches/CVE-2019-10255-1.patch: Parse URLs when validating redirect
      targets.
    - debian/patches/CVE-2019-10255-2.patch: Protect against Chrome mishandling
      backslashes as slashes in URLs.
    - debian/patches/CVE-2019-10255-3.patch: Handle empty netloc being
      interpreted as first path part being the netloc by buggy browsers.
    - CVE-2019-10255, CVE-2019-10856
  * SECURITY UPDATE: Cross-site scripting (LP: #1982670)
    - debian/patches/CVE-2018-21030-1.patch: Use CSP header to treat served
      files as belonging to a separate origin.
    - debian/patches/CVE-2018-21030-2.patch: Add a content_security_policy
      property instead of the CSP header.
    - CVE-2018-21030
  * SECURITY UPDATE: Crafted link to login page redirects to spoofed server
    (LP: #1982670)
    - debian/patches/CVE-2020-26215.patch: Validate redirect target in
      TrailingSlashHandler.
    - CVE-2020-26215
  * SECURITY UPDATE: Sensitive information disclosure leading to unauthorized
    access (LP: #1982670)
    - debian/patches/CVE-2022-24758.patch: Log only a non-sensitive subset of
      the headers when a HTTP 5xx error other than HTTP 502 is triggered.
    - CVE-2022-24758
  * Address Lintian warnings.

Date: 2022-08-29 10:53:08.933379+00:00
Changed-By: Luís Cunha dos Reis Infante da Câmara <luis.infante.da.camara at tecnico.ulisboa.pt>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/jupyter-notebook/5.2.2-1ubuntu0.1
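
The three redirect-target checks named in the CVE-2019-10255 entries above (parse the URL, encode backslashes, reject an empty netloc) can be sketched as below. This is an added example, not the code in the listed debian/patches files: `safe_redirect_target`, its parameters and the sample values are hypothetical, and it assumes every off-site target is rejected.

```python
from urllib.parse import urlparse


def safe_redirect_target(target, base_url="/", default=None):
    """Return a same-site redirect target, or `default` if `target` is unsafe.

    Hypothetical helper for illustration; off-site targets are always rejected.
    """
    if default is None:
        default = base_url
    # Backslash handling: "\" is not valid in a URL, but some browsers treat
    # it as "/", so "/\evil.example" can act like "//evil.example". Encode it
    # so the value that is sent back can only be read as path text.
    target = target.replace("\\", "%5C")
    parsed = urlparse(target)
    # Parsed check: any scheme or network location means an off-site target.
    if parsed.scheme or parsed.netloc:
        return default
    # Empty-netloc handling: urlparse reads "///evil.example" as an empty
    # netloc plus path "/evil.example", yet a lenient browser may take
    # "evil.example" as the host. Reject anything that starts with "//".
    if target.startswith("//"):
        return default
    # The remaining target must be an absolute path inside base_url.
    if not (parsed.path + "/").startswith(base_url):
        return default
    return target


# Constructed sample values for a login "next" parameter.
SAMPLES = [
    "/tree/analysis.ipynb",
    "https://evil.example/login",
    "//evil.example/login",
    "/\\evil.example/login",
    "\\\\evil.example/login",
    "///evil.example/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:32} -> {safe_redirect_target(sample)!r}")
```

The function returns the encoded target rather than a boolean so that the caller redirects to the sanitized value, not to the raw input.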