Your message dated Mon, 29 Jun 2026 00:47:56 +0100
with message-id <[email protected]>
and subject line Re: Bug#1140862: jupyter-server: autopkgtest regression with 
pytest 9.1
has caused the Debian Bug report #1140862,
regarding jupyter-server: autopkgtest regression with pytest 9.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1140862: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140862
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: jupyter-server
Version: 2.17.0-1
Severity: serious
User: [email protected]
Usertags: pytest9.1

Dear maintainer,

According to https://ci.debian.net data, your package jupyter-server has an
autopkgtest regression with pytest.

The following architectures failed: amd64, arm64, i386, loong64,
ppc64el, riscv64, s390x.

Hopefully relevant excerpt from
https://ci.debian.net/packages/j/jupyter-server/testing/amd64/72542051/
follows:

105s ==================================== ERRORS 
====================================
105s ________________ ERROR collecting tests/auth/test_authorizer.py 
________________
105s ERROR tests/auth/test_authorizer.py - Failed: 
tests/auth/test_authorizer.py::...
106s pytest               FAIL non-zero exit status 2
106s pytest               FAIL non-zero exit status 2

--- End Message ---
--- Begin Message ---
Source: jupyter-server
Source-Version: 2.20.0-1

On Sat, Jun 27, 2026 at 11:23:08PM +0200, [email protected] wrote:
Source: jupyter-server
Version: 2.17.0-1
Severity: serious
User: [email protected]
Usertags: pytest9.1

Dear maintainer,

According to https://ci.debian.net data, your package jupyter-server has an
autopkgtest regression with pytest.

The following architectures failed: amd64, arm64, i386, loong64,
ppc64el, riscv64, s390x.

This already seems to be fixed in the version in unstable. (Some tests might still be flaky, but this particular pytest incompatibility has been fixed as far as I can tell.)

jupyter-server (2.20.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream release (closes: #1136022):
    - CVE-2025-61669: Open redirection vulnerability in `next` query
      parameter.
    - CVE-2026-35397: Path traversal via jupyter-server REST API allows
      access to a subset of directories sibling to the `root_dir`.
    - CVE-2026-40110: CORS Origin validation bypass via `re.match()` in
      `allow_origin_pat`.
    - CVE-2026-40934: Authentication cookies remain valid after password
      reset and server restart.
  * Skip failing restart_kernel test on all architectures.
  * Standards-Version: 4.7.4.

 -- Colin Watson <[email protected]>  Tue, 23 Jun 2026 12:08:04 +0100

Thanks,

--
Colin Watson (he/him)                              [[email protected]]

--- End Message ---

Reply via email to