Your message dated Sat, 05 Feb 2022 19:02:30 +0000
with message-id <[email protected]>
and subject line Bug#1004122: fixed in ipython 5.8.0-1+deb10u1
has caused the Debian Bug report #1004122,
regarding ipython: CVE-2022-21699
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1004122: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004122
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ipython
Version: 7.31.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for ipython.
CVE-2022-21699[0]:
| IPython (Interactive Python) is a command shell for interactive
| computing in multiple programming languages, originally developed for
| the Python programming language. Affected versions are subject to an
| arbitrary code execution vulnerability achieved by not properly
| managing cross user temporary files. This vulnerability allows one
| user to run code as another on the same machine. All users are advised
| to upgrade.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-21699
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21699
[1] https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
[2] https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ipython
Source-Version: 5.8.0-1+deb10u1
Done: Gordon Ball <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ipython, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gordon Ball <[email protected]> (supplier of updated ipython package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Fri, 28 Jan 2022 14:37:34 +0000
Source: ipython
Architecture: source
Version: 5.8.0-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Python Modules Team <[email protected]>
Changed-By: Gordon Ball <[email protected]>
Closes: 1004122
Changes:
ipython (5.8.0-1+deb10u1) buster-security; urgency=high
.
* Fixes CVE-2022-21699 (execution of config files from the current
directory, which might allow cross-user attacks if ipython is run from a
directory multiple users can write). Closes: #1004122
--- End Message ---
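
The changelog entry above ties the exposure to running ipython from a directory that several users can write. The following is an added example, not code from the Debian package or from upstream IPython, of a pre-launch check for that condition. The `profile_default` directory name and all function names are assumptions and do not come from this report.

```python
import os
import stat
import tempfile

# Assumption: name of IPython's default profile directory. The report itself
# only says "config files from the current directory".
CANDIDATES = ("profile_default",)


def audit_start_dir(path, my_uid=None, candidates=CANDIDATES):
    """Return findings that make `path` unsafe as a start directory for an
    unpatched ipython. An empty list means nothing was flagged."""
    my_uid = os.getuid() if my_uid is None else my_uid
    findings = []
    st = os.stat(path)
    # Group- or world-writable: other accounts can create entries here
    # (the sticky bit on /tmp limits deletion, not creation).
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("shared-writable")
    if st.st_uid != my_uid:
        findings.append("dir-owned-by-uid-%d" % st.st_uid)
    for name in candidates:
        try:
            # lstat so a symlink is inspected itself, not its target
            est = os.lstat(os.path.join(path, name))
        except FileNotFoundError:
            continue
        if stat.S_ISLNK(est.st_mode):
            findings.append("%s:symlink" % name)
        owner = "present" if est.st_uid == my_uid else "foreign-owner"
        findings.append("%s:%s" % (name, owner))
    return findings


def demo():
    """Constructed sample: a mode-0777 scratch directory holding a profile dir."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o777)
        os.mkdir(os.path.join(d, "profile_default"))
        mine = audit_start_dir(d)
        # Simulate a different invoking account by passing a non-owning uid.
        other = audit_start_dir(d, my_uid=os.getuid() + 1)
    return mine, other


if __name__ == "__main__":
    print(demo())
```

A `foreign-owner` or `symlink` finding in a `shared-writable` directory is the combination the changelog warns about. Upgrading to the fixed package removes the exposure regardless of where ipython is started.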