Your message dated Mon, 24 Jan 2022 21:37:01 +0000
with message-id <[email protected]>
and subject line Bug#1004122: fixed in ipython 7.31.1-1
has caused the Debian Bug report #1004122,
regarding ipython: CVE-2022-21699
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1004122: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004122
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ipython
Version: 7.31.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for ipython.

CVE-2022-21699[0]:
| IPython (Interactive Python) is a command shell for interactive
| computing in multiple programming languages, originally developed for
| the Python programming language. Affected versions are subject to an
| arbitrary code execution vulnerability achieved by not properly
| managing cross user temporary files. This vulnerability allows one
| user to run code as another on the same machine. All users are advised
| to upgrade.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-21699
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21699
[1] https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
[2] https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ipython
Source-Version: 7.31.1-1
Done: Gordon Ball <[email protected]>

We believe that the bug you reported is fixed in the latest version of
ipython, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gordon Ball <[email protected]> (supplier of updated ipython package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Jan 2022 20:22:25 +0000
Source: ipython
Architecture: source
Version: 7.31.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Gordon Ball <[email protected]>
Closes: 1004122
Changes:
 ipython (7.31.1-1) unstable; urgency=medium
 .
   * New upstream version 7.31.1
   * Fixes CVE-2022-21699 (execution of config files from the current
     directory, which might allow cross-user attacks if ipython is run from a
     directory multiple users can write). Closes: #1004122


--- End Message ---
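
A defender-side check for the condition the changelog entry describes (running from a directory that multiple users can write), as an added example that is not part of the original messages or of the ipython or Debian code. The names `audit_directory` and `DirAudit`, and the default policy of trusting only the current user and root, are assumptions made for illustration; the code is POSIX-only.

```python
import os
import stat
import sys
from dataclasses import dataclass, field


@dataclass
class DirAudit:
    path: str
    owner_trusted: bool      # the directory itself belongs to a trusted uid
    shared_writable: bool    # group- or world-writable mode bits are set
    foreign_entries: list = field(default_factory=list)  # names owned by untrusted uids

    @property
    def risky(self) -> bool:
        return (not self.owner_trusted) or self.shared_writable or bool(self.foreign_entries)


def audit_directory(path=".", trusted_uids=None):
    """Report whether other users could have placed files in `path`."""
    if trusted_uids is None:
        # Assumption: only the invoking user and root are trusted.
        trusted_uids = {os.getuid(), 0}
    st = os.stat(path)
    # The sticky bit is deliberately ignored: it stops other users from
    # deleting our files, not from creating their own in the directory.
    shared = bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
    foreign = []
    with os.scandir(path) as entries:
        for entry in entries:
            # Judge a symlink by its own owner, not by its target's.
            if entry.stat(follow_symlinks=False).st_uid not in trusted_uids:
                foreign.append(entry.name)
    return DirAudit(os.path.abspath(path), st.st_uid in trusted_uids,
                    shared, sorted(foreign))


if __name__ == "__main__":
    # Audit the directory an interactive session would be started from.
    report = audit_directory(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(report)
    print("risky" if report.risky else "ok")
```

A `risky` result for a working directory is a reason to start interactive sessions elsewhere until the fixed package (7.31.1-1 in unstable) is installed.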
