-
jupyter-notebook (5.2.2-1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Cross-site scripting via untrusted notebook (LP: #1982670)
- debian/patches/CVE-2018-19351.patch: Apply CSP sandboxing to nbconvert
responses.
- CVE-2018-19351
* SECURITY UPDATE: Cross-site inclusion on malicious pages (LP: #1982670)
- debian/patches/CVE-2019-9644-1.patch: Block cross-origin GET and HEAD
requests with mismatched Referer.
- debian/patches/CVE-2019-9644-2.patch: Add CSRF checks on files endpoints.
- debian/patches/CVE-2019-9644-3.patch: Set X-Content-Type-Options: nosniff
on all handlers for protecting non-script resources.
- CVE-2019-9644
* SECURITY UPDATE: Crafted link to login page redirects to malicious site
(LP: #1982670)
- debian/patches/CVE-2019-10255-1.patch: Parse URLs when validating redirect
targets.
- debian/patches/CVE-2019-10255-2.patch: Protect against Chrome mishandling
backslashes as slashes in URLs.
- debian/patches/CVE-2019-10255-3.patch: Handle empty netloc being
interpreted as first path part being the netloc by buggy browsers.
- CVE-2019-10255, CVE-2019-10856
* SECURITY UPDATE: Cross-site scripting (LP: #1982670)
- debian/patches/CVE-2018-21030-1.patch: Use CSP header to treat served
files as belonging to a separate origin.
- debian/patches/CVE-2018-21030-2.patch: Add a content_security_policy
property instead of the CSP header.
- CVE-2018-21030
* SECURITY UPDATE: Crafted link to login page redirects to spoofed server
(LP: #1982670)
- debian/patches/CVE-2020-26215.patch: Validate redirect target in
TrailingSlashHandler.
- CVE-2020-26215
* SECURITY UPDATE: Sensitive information disclosure leading to unauthorized
access (LP: #1982670)
- debian/patches/CVE-2022-24758.patch: Log only a non-sensitive subset of
the headers when a HTTP 5xx error other than HTTP 502 is triggered.
- CVE-2022-24758
* Address Lintian warnings.
-- Luís Infante da Câmara <email address hidden> Sun, 28 Aug 2022 23:00:01 +0100
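
Added illustration, not the packaged patches or upstream notebook code: a sketch of the redirect-target checks named in the CVE-2019-10255 entries above (parse the URL, neutralise backslashes, reject an empty netloc followed by a host-like path). The function name `safe_redirect_target`, its `base_url` parameter and the `evil.example` host are assumptions made for this example.

```python
from urllib.parse import urlparse


def safe_redirect_target(url, base_url="/", default=None):
    """Return `url` if it is a same-site path under base_url, else `default`.

    Hypothetical helper written for this example; base_url is assumed to
    start and end with "/".
    """
    default = base_url if default is None else default
    if not url:
        return default

    # Extra hardening beyond the changelog text: browsers strip tabs,
    # newlines and leading spaces, so "/\t/host" can collapse to "//host".
    if any(ord(ch) < 0x21 for ch in url):
        return default

    # "\" is not valid in a URL, but some browsers treat it as "/", which
    # turns "/\host" into the protocol-relative "//host". Percent-encode it
    # so the browser sees a literal backslash inside the path.
    url = url.replace("\\", "%5C")

    # Parse instead of string-matching prefixes such as "http".
    parsed = urlparse(url)

    # Any scheme or host means the target is not a local path.
    if parsed.scheme or parsed.netloc:
        return default

    # "///host/x" parses with an EMPTY netloc and path "/host/x", yet a
    # lenient browser may take "host" as the authority. Refuse any target
    # that still begins with two slashes.
    if url.startswith("//"):
        return default

    # Require an absolute path inside the application's own prefix.
    if not (parsed.path + "/").startswith(base_url):
        return default

    return url
```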
-
jupyter-notebook (5.2.2-1) unstable; urgency=medium
* New upstream release.
-- Gordon Ball <email address hidden> Wed, 06 Dec 2017 22:25:37 +0100
-
jupyter-notebook (5.2.1-2) unstable; urgency=medium
* Patch tools/build-main.js which should fix being unable to use the
built-in web terminal, due to failing to load xterm.js
-- Gordon Ball <email address hidden> Thu, 23 Nov 2017 21:15:08 +0000
-
jupyter-notebook (5.2.1-1) unstable; urgency=medium
* New upstream release.
* Update lintian-overrides with a very-long-line regex related to
bidirectional text support
* Install upstream changelog
-- Gordon Ball <email address hidden> Thu, 16 Nov 2017 20:58:44 +0000
-
jupyter-notebook (5.1.0-2) unstable; urgency=medium
* Explicitly set HOME and XDG_RUNTIME_DIR due to tests failing
on the buildds
-- Gordon Ball <email address hidden> Mon, 06 Nov 2017 19:47:56 +0000
-
jupyter-notebook (5.1.0-1) unstable; urgency=medium
[ Ximin Luo ]
* New upstream release.
[ Gordon Ball ]
* Binary package jupyter-notebook now depends on jupyter-core, to ensure
it is possible to run "jupyter notebook"
* Man page added for new command "jupyter bundlerextension"
* libjs-term.js has been replaced by libjs-xterm
* Update Standards-Version to 4.1.1
* Documentation now includes sample notebooks; a patch is added to ignore
errors while building these
* New dependencies: libjs-jed, libjs-requirejs-text
* New missing-sources: json.js from requirejs-plugins
* This version is built with a dummy shim replacing the unpackaged
preact, preact-compat and proptypes javascript libraries. Consequently,
the shortcut editor will not work.
-- Gordon Ball <email address hidden> Sun, 05 Nov 2017 18:52:40 +0000
-
jupyter-notebook (4.2.3-4) unstable; urgency=medium
* Clean up handling of the /etc/jupyter/nbconfig dir in maintscripts
* Patch out the attempt to automatically import ipywidgets, which isn't
required for ipywidgets > 4, and avoids an unneeded warning
(closes: #848252)
-- Gordon Ball <email address hidden> Sat, 07 Jan 2017 11:46:16 +0100