Ack, already looking at it. Unfortunately, there is unlikely to be a quick fix, since upstream has resolved this by removing their existing html/css sanitizer in favour of an alternative one from the jupyterlab source tree, which will require more packaging work before we can utilise it. This is going to be even more of a problem to backport to stable.
- Bug#992704: jupyter-notebook: CVE-2021-32798 Salvatore Bonaccorso
- Bug#992704: (no subject) Gordon Ball
- Bug#992704: marked as done (jupyter-notebo... Debian Bug Tracking System
