-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 02 Nov 2020 11:30:31 +0530 Source: jupyter-notebook Binary: python-notebook python3-notebook python-notebook-doc jupyter-notebook Architecture: source all Version: 4.2.3-4+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian Python Modules Team <python-modules-t...@lists.alioth.debian.org> Changed-By: Abhijith PA <abhij...@debian.org> Description: jupyter-notebook - Jupyter interactive notebook python-notebook - Jupyter interactive notebook (Python 2) python-notebook-doc - Jupyter interactive notebook (documentation) python3-notebook - Jupyter interactive notebook (Python 3) Closes: 893436 917409 Changes: jupyter-notebook (4.2.3-4+deb9u1) stretch-security; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * Fix CVE-2018-19351: XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server.(Closes: #917409) * Fix CVE-2018-21030: does not use a CSP header to treat served files as belonging to a separate origin * CVE-2018-8768: a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context (Closes: #893436) Checksums-Sha1: c037464907c60df05706b2cd169bcf0f4f94e66d 3704 jupyter-notebook_4.2.3-4+deb9u1.dsc cd42c2013047d2722d3990db4787820cff51cbc8 4456566 jupyter-notebook_4.2.3.orig.tar.gz 536c39161373d06a29521bc334a8ab65346cd614 49260 jupyter-notebook_4.2.3-4+deb9u1.debian.tar.xz 0d56667724833fe5b7098819c4490df2d71476e5 5340 jupyter-notebook_4.2.3-4+deb9u1_all.deb 6db82a56cc520122489c1b8b46608bdaa4b52fc5 13319 jupyter-notebook_4.2.3-4+deb9u1_amd64.buildinfo be7c10fbf005d9bd3ad25a04d9fd34da9378c0d5 993432 python-notebook-doc_4.2.3-4+deb9u1_all.deb 51053cba0ce8cec70214a61694c19c9c0d7cfb6a 822160 python-notebook_4.2.3-4+deb9u1_all.deb 0da63c8f1501316e6d1e12584777429822a7c012 822132 python3-notebook_4.2.3-4+deb9u1_all.deb Checksums-Sha256: a7b78086bc13fc8b3fc15a10cc16572fca140b13eb2e87d7e6b4927b8cac51cd 3704 jupyter-notebook_4.2.3-4+deb9u1.dsc d755f6711581a11fe14da50623b29b9d1476d8947776634234dbf064d8ab5632 4456566 jupyter-notebook_4.2.3.orig.tar.gz bc2b2607810cd1cd760ff7f09ee0c4942f3f22aebb8f33ee7f02f58d87fb8e28 49260 jupyter-notebook_4.2.3-4+deb9u1.debian.tar.xz 5eeadf16885d9d726e5097ca489024146ab06c16cadfd02622259f7141c9373b 5340 jupyter-notebook_4.2.3-4+deb9u1_all.deb 09a49638d90f5b0c25d824b6233df5c1ebf1867d26c577c99b568cf7e3cfe1ec 13319 jupyter-notebook_4.2.3-4+deb9u1_amd64.buildinfo eeea69d06d9c12bf58a1b2b58eb164b6714e5362328612c749b88f1736347b1d 993432 python-notebook-doc_4.2.3-4+deb9u1_all.deb a9c62efb3134c60d2f64e12ee4138a883abbbe3d69277e270bd3fe443c800ff6 822160 python-notebook_4.2.3-4+deb9u1_all.deb 06e86901ece79605edb4b69c8642483152bec061374afd0eef20cf14b3b213e0 822132 python3-notebook_4.2.3-4+deb9u1_all.deb Files: 5e0b04387115f7dbff38b46e6f2ce539 3704 python optional jupyter-notebook_4.2.3-4+deb9u1.dsc 5c6b0b1303adacd8972c4db21eda3e98 4456566 python optional jupyter-notebook_4.2.3.orig.tar.gz 97d97f7dc78bab54b41355947b5ea9ad 49260 python optional jupyter-notebook_4.2.3-4+deb9u1.debian.tar.xz 250897fe44f8c50c2116058a00444b50 5340 science optional jupyter-notebook_4.2.3-4+deb9u1_all.deb 84aeddf49709755890c7e5b951abd660 13319 python optional jupyter-notebook_4.2.3-4+deb9u1_amd64.buildinfo f0165f1928ae5a14018c0904179e84e2 993432 doc optional python-notebook-doc_4.2.3-4+deb9u1_all.deb 264d1cd8185d560af44c206fe264b08c 822160 python optional python-notebook_4.2.3-4+deb9u1_all.deb e5ddd1cda74a3d6c7d437be366c09b1d 822132 python optional python3-notebook_4.2.3-4+deb9u1_all.deb
-----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl+hb3gUHGFiaGlqaXRo QGRlYmlhbi5vcmcACgkQhj1N8u2cKO/TsBAAj02KpIlFVqWxMgp8OSqZ6v6MzbrM cQhicHgbBRQ47OebIOp2Ba530yJ05LX+JIjIULYjNv3CChSkrwiRovX81m+92kl2 hMiBGPzv1AEN17QhWZsdSKSvNrD1PrgG+3JNGappDaPzbqMA+RpUpLUxcCj5kK9G 33jgcu4aa9+J/diQgD101XMLmRWpdZm2gt1VCjC2nWnOOI0ADHIEXtzT7IqX9tie DWYg5tixV3xE987jfqJlV7jUERxfhAH/NM5/9ZbGa6Z/LzSqVJixL9aZzcj98OA0 crSuTn0oJRI4RR8Mk2/P0IpE2LMSA6F7uszjm4iDjaqs8Ib69l/uSnPEr2mxemPJ j62yfZai8Tf18hN1xNntXoAnrI7aTR039/0AnV25+GXpIgTG/XbkRXw4qqzv5Nwm HQiPsB1Vww0V6OSxzmIZktCNFfq+L+PurQ9jSERnqyfCgfcXZNNx5REedYEFyEOo qbVC52DF/84Fbtm3PO64HIJBfB/TpB/IK5XS5rq9fYqXcekYHlXgKxcLQN7kcqco bFjgcAlySgTEocjAgAMW0PJzM66NYb2go4jrjcwvQ3H3vOoR1fJgMoKmMq27R/qg LdE/050quZ02TjYHNGSvwMLwGOj3/AVvfRMd+Q4ZYnpEUObpmPFgng4R1/RJoQMx yrfIHVyw08R1ge4= =/vN0 -----END PGP SIGNATURE-----