On Wed, Jun 24, 2015 at 10:29:20PM +0200, Salvatore Bonaccorso wrote:
> Source: ipython
> Version: 2.1.0-1
> Severity: important
> Tags: security upstream fixed-upstream
>
> Hi,
>
> the following vulnerability was published for ipython.
>
> CVE-2015-4707[0]:
> IPython XSS in JSON error responses -- /api/notebooks path
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-4707
> [1] http://www.openwall.com/lists/oss-security/2015/06/22/4
> [2] http://www.openwall.com/lists/oss-security/2015/06/22/7
There's an additional vulnerability (currently without a CVE ID):
http://www.openwall.com/lists/oss-security/2015/07/12/4

Patches:
https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0 (2.x)
https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816 (3.x)

Both of these vulnerabilities don't warrant a DSA, but it would still be good
if you would fix them through a point update:
https://www.debian.org/doc/manuals/developers-reference/ch05.de.html#upload-stable

Cheers,
Moritz
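The bug class named in this thread, "XSS in JSON error responses" on the /api/notebooks path, is worth seeing side by side with its fix. The following is an added example, not IPython's code and not the content of the linked patches: a minimal model of an API error handler that reflects the requested path into an HTML error body served as text/html, beside a hardened handler that answers with a JSON body, a JSON content type and MIME sniffing disabled. It also goes slightly beyond the thread with a small audit function a packager could run over any API error response. The handler names, the response layout and the sample request path are assumptions made for illustration.

```python
"""
Added example (not IPython's code, not the referenced patches): models the
bug class behind CVE-2015-4707, an API error response that reflects the
request path into HTML, beside a hardened JSON variant and an audit check.
"""
import json

# Constructed sample request path carrying an XSS payload (not from the page).
PAYLOAD_PATH = "/api/notebooks/<script>alert(document.domain)</script>.ipynb"


def vulnerable_error_response(status, path):
    """Assumed vulnerable pattern: the request path is string-formatted into
    an HTML 404 page and served as text/html with no escaping, so markup in
    the path is rendered and executed by the victim's browser."""
    body = ("<html><body><h1>%d: Not Found</h1>"
            "<p>No such notebook: %s</p></body></html>" % (status, path))
    return {
        "status": status,
        "headers": {"Content-Type": "text/html; charset=UTF-8"},
        "body": body,
    }


def _json_html_safe(obj):
    """Serialise to JSON and additionally encode the characters that matter
    to an HTML parser. The result is still valid JSON (json.loads round-trips)
    but contains no raw '<', '>' or '&' even if it ever lands inside HTML."""
    text = json.dumps(obj)
    return (text.replace("&", "\\u0026")
                .replace("<", "\\u003c")
                .replace(">", "\\u003e"))


def hardened_error_response(status, path):
    """Hardened variant: API errors are JSON, labelled as JSON, with MIME
    sniffing disabled. The browser never treats the body as a document, and
    HTML-significant characters are escaped as defence in depth."""
    body = _json_html_safe({"status": status,
                            "message": "No such notebook: %s" % path})
    return {
        "status": status,
        "headers": {"Content-Type": "application/json; charset=UTF-8",
                    "X-Content-Type-Options": "nosniff"},
        "body": body,
    }


def audit_api_response(resp):
    """Checks a practitioner would run over an /api/ error response.
    Returns a list of findings; an empty list means the response passes."""
    findings = []
    ctype = resp["headers"].get("Content-Type", "").lower()
    if not ctype.startswith("application/json"):
        findings.append("content-type is %r, expected application/json" % ctype)
    if resp["headers"].get("X-Content-Type-Options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    if "<" in resp["body"] or ">" in resp["body"]:
        findings.append("body contains raw HTML-significant characters")
    try:
        json.loads(resp["body"])
    except ValueError:
        findings.append("body is not valid JSON")
    return findings


def decoded_message(resp):
    """Parse a JSON error body and return its message (shows the hardened
    body still carries the original path, just encoded)."""
    return json.loads(resp["body"])["message"]


def demo(path=PAYLOAD_PATH):
    """Run both handlers against the payload path and return their audits."""
    return {
        "vulnerable": audit_api_response(vulnerable_error_response(404, path)),
        "hardened": audit_api_response(hardened_error_response(404, path)),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "OK")
```

The content type is the decisive control: a browser will not render `application/json` as a document, so the reflected path cannot execute even before any escaping. The `\u003c` encoding and `nosniff` header cost nothing and cover the cases where the same body is later embedded elsewhere or served by a proxy that rewrites headers.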