[ubuntu/focal-updates] jupyter-notebook 6.0.3-2ubuntu0.1 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Tue Aug 30 10:28:14 UTC 2022


jupyter-notebook (6.0.3-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Crafted link to login page redirects to malicious site
    (LP: #1982670)
    - debian/patches/CVE-2019-10856.patch: Handle empty netloc being
      interpreted as first path part being the netloc by buggy browsers.
    - CVE-2019-10856
  * SECURITY UPDATE: Crafted link to login page redirects to spoofed server
    (LP: #1982670)
    - debian/patches/CVE-2020-26215.patch: Validate redirect target in
      TrailingSlashHandler.
    - CVE-2020-26215
  * SECURITY UPDATE: Sensitive information disclosure leading to unauthorized
    access (LP: #1982670)
    - debian/patches/CVE-2022-24758.patch: Log only a non-sensitive subset of
      the headers when an HTTP 5xx error other than HTTP 502 is triggered.
    - CVE-2022-24758
  * SECURITY UPDATE: Access to hidden files or to files in hidden directories
    (LP: #1982670)
    - debian/patches/CVE-2022-29238-1.patch: Add checks for hidden file or path on
      file get.
    - debian/patches/CVE-2022-29238-2.patch: Added hidden checks on
      FileContentsManager and accompanying tests.
    - debian/patches/CVE-2022-29238-3.patch: Added hidden checks on
      notebook/services/contents/handlers.py and accompanying tests.
    - debian/patches/CVE-2022-29238-4.patch: Update log message to mention
      hidden directories.
    - debian/patches/CVE-2022-29238-5.patch: Update error messages to not
      mention hidden files.
    - CVE-2022-29238

Date: 2022-08-29 10:53:11.167386+00:00
Changed-By: Luís Cunha dos Reis Infante da Câmara <luis.infante.da.camara at tecnico.ulisboa.pt>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/jupyter-notebook/6.0.3-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

