-
jupyter-notebook (6.4.8-1ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: Crafted link to login page redirects to malicious site
(LP: #1982670)
- debian/patches/CVE-2019-10856.patch: Handle empty netloc being
interpreted as first path part being the netloc by buggy browsers.
- CVE-2019-10856
* SECURITY UPDATE: Sensitive information disclosure leading to unauthorized
access (LP: #1982670)
- debian/patches/CVE-2022-24758.patch: Log only a non-sensitive subset of
the headers when a HTTP 5xx error other than HTTP 502 is triggered.
- CVE-2022-24758
* SECURITY UPDATE: Access to hidden files or to files in hidden directories
(LP: #1982670)
- debian/patches/CVE-2022-29238-1.patch: Add checks for hidden file or path on
file get.
- debian/patches/CVE-2022-29238-2.patch: added hidden checks on
FileContentsManager and accompanying tests.
- debian/patches/CVE-2022-29238-3.patch: Added hidden checks on
notebook/services/contents/handlers.py and accompanying tests.
- debian/patches/CVE-2022-29238-4.patch: Update log message to mention
hidden directories.
- debian/patches/CVE-2022-29238-5.patch: Update error messages to not
mention hidden files.
- CVE-2022-29238
* debian/source/lintian-overrides: Update to fix Lintian warnings.
-- Luís Infante da Câmara <email address hidden> Fri, 29 Jul 2022 21:35:10 +0100
-
jupyter-notebook (6.4.8-1) unstable; urgency=medium
* New upstream version 6.4.8
* d/control: bump send2trash version, add nest_asyncio
-- Gordon Ball <email address hidden> Fri, 28 Jan 2022 11:42:02 +0000
-
jupyter-notebook (6.4.5-4) unstable; urgency=medium
* Patch javascript usage of marked for marked 4.x
* Temporarily disable jquery-ui related functionality until a solution to
#1003680 is found. This makes the help pager non-resizeable, but avoids a
blank page when trying to open a notebook.
(Closes: #1003613, #1003722, #1003881)
-- Gordon Ball <email address hidden> Mon, 17 Jan 2022 16:35:10 +0000
-
jupyter-notebook (6.4.5-3) unstable; urgency=medium
* Fix FTBFS caused by files moves in node-po2json 0.4.5-2
* Add picocolors to nodejs/extcopies, new dependency for postcss webpack build
* Adjust paths for marked 4.x (Closes: #1000884)
-- Gordon Ball <email address hidden> Mon, 10 Jan 2022 16:14:45 +0000
-
jupyter-notebook (6.4.5-2) unstable; urgency=medium
* Drop test dependency on python3-nose
* Patch test failures with jupyter-core 4.9.1 (Closes: #998525)
-- Gordon Ball <email address hidden> Sat, 06 Nov 2021 14:18:28 +0000
-
jupyter-notebook (6.4.5-1) unstable; urgency=medium
* New upstream version 6.4.5
* Drop Built-Using field on python3-notebook, as the licenses of the
libraries listed did not require it
* Standards-Version: 4.6.0
-- Gordon Ball <email address hidden> Fri, 22 Oct 2021 18:22:18 +0000
-
jupyter-notebook (6.4.4-1) unstable; urgency=medium
* New upstream version 6.4.4 (Closes: #995593)
* More fixes for the (fragile) javascript build process
-- Gordon Ball <email address hidden> Fri, 08 Oct 2021 19:45:38 +0000
-
jupyter-notebook (6.2.0-1) unstable; urgency=medium
* New upstream version 6.2.0
* Version dependencies on tornado, send2trash
* Disable all tests of notebook trashing; these are too sensitive to
different mount and container layouts to be useful.
-- Gordon Ball <email address hidden> Sun, 17 Jan 2021 21:52:31 +0000