Your message dated Wed, 02 Feb 2022 20:34:41 +0000
with message-id <[email protected]>
and subject line Bug#1004122: fixed in ipython 7.20.0-1+deb11u1
has caused the Debian Bug report #1004122,
regarding ipython: CVE-2022-21699
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1004122: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004122
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ipython
Version: 7.31.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for ipython.

CVE-2022-21699[0]:
| IPython (Interactive Python) is a command shell for interactive
| computing in multiple programming languages, originally developed for
| the Python programming language. Affected versions are subject to an
| arbitrary code execution vulnerability achieved by not properly
| managing cross user temporary files. This vulnerability allows one
| user to run code as another on the same machine. All users are advised
| to upgrade.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-21699
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21699
[1] https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
[2] https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ipython
Source-Version: 7.20.0-1+deb11u1
Done: Gordon Ball <[email protected]>

We believe that the bug you reported is fixed in the latest version of
ipython, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gordon Ball <[email protected]> (supplier of updated ipython package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 28 Jan 2022 14:09:36 +0000
Source: ipython
Architecture: source
Version: 7.20.0-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Python Team <[email protected]>
Changed-By: Gordon Ball <[email protected]>
Closes: 1004122
Changes:
 ipython (7.20.0-1+deb11u1) bullseye-security; urgency=high
 .
   * Fixes CVE-2022-21699 (execution of config files from the current
     directory, which might allow cross-user attacks if ipython is run from a
     directory multiple users can write). Closes: #1004122


--- End Message ---
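
A defensive check for the condition the changelog entry above describes, added here as an example (not code from Debian or the IPython project): before starting an unpatched IPython in a directory, list the profile files there that the invoking user does not exclusively control. It assumes IPython's usual profile layout (`profile_<name>/` holding `ipython_config.py`, `ipython_config.json` and `startup/`), which this thread does not spell out; `audit_launch_dir` and `demo` are hypothetical names.

```python
import os
import stat
import tempfile
from pathlib import Path

# Assumed IPython profile layout, relative to a profile_<name>/ directory.
PROFILE_ENTRIES = ("ipython_config.py", "ipython_config.json", "startup", "startup/*")


def writable_by_others(st):
    """True if group or other holds write permission on the inode."""
    return bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit_launch_dir(directory, uid=None):
    """List (path, reason) pairs for profile files not under the sole control of `uid`."""
    uid = os.getuid() if uid is None else uid
    root = Path(directory)
    findings = []
    if writable_by_others(root.stat()):
        findings.append((str(root), "directory is group/world-writable"))
    for profile in sorted(root.glob("profile_*")):
        if not profile.is_dir():
            continue
        paths = [profile]
        for pattern in PROFILE_ENTRIES:
            paths.extend(sorted(profile.glob(pattern)))
        for path in paths:
            st = path.lstat()
            if st.st_uid != uid:
                findings.append((str(path), f"owned by uid {st.st_uid}, not {uid}"))
            elif writable_by_others(st):
                findings.append((str(path), "writable by group/other"))
    return findings


def demo():
    """Constructed sample: a shared directory that already holds a profile."""
    with tempfile.TemporaryDirectory() as tmp:
        startup = Path(tmp, "shared", "profile_default", "startup")
        startup.mkdir(parents=True)
        script = startup / "00-init.py"
        script.write_text("# placeholder startup script\n")
        for d in (startup, startup.parent):
            os.chmod(d, 0o755)
        os.chmod(script, 0o666)                 # other users can rewrite it
        os.chmod(startup.parent.parent, 0o777)  # anyone can add entries
        return audit_launch_dir(startup.parent.parent)
```

An empty result from `audit_launch_dir(os.getcwd())` means no profile files in the current directory are owned or writable by anyone else; upgrading to the fixed package remains the actual remedy.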
