Format: 1.8
Date: Tue, 23 Jun 2026 12:08:04 +0100
Source: jupyter-server
Architecture: source
Version: 2.20.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 1136022
Changes:
 jupyter-server (2.20.0-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release (closes: #1136022):
     - CVE-2025-61669: Open redirection vulnerability in `next` query
       parameter.
     - CVE-2026-35397: Path traversal via jupyter-server REST API allows
       access to a subset of directories sibling to the `root_dir`.
     - CVE-2026-40110: CORS Origin validation bypass via `re.match()` in
       `allow_origin_pat`.
     - CVE-2026-40934: Authentication cookies remain valid after password
       reset and server restart.
   * Skip failing restart_kernel test on all architectures.
   * Standards-Version: 4.7.4.