Debian Package Tracker - jupyter-notebook

general

source: jupyter-notebook (main)
version: 5.4.1-1
maintainer: Debian Python Modules Team (archive) [DMD]
uploaders: Gordon Ball [DMD] [dm] – Jerome Benoit [DMD]
arch: all
std-ver: 4.1.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-bpo: 4.2.3-4~bpo8+1
stable: 4.2.3-4
testing: 5.4.1-1
unstable: 5.4.1-1

versioned links

4.2.3-4~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.2.3-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.4.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

jupyter-notebook
python-notebook
python-notebook-doc
python3-notebook

action needed

A new upstream version is available: 5.7.4 high

A new upstream version 5.7.4 is available, you should consider packaging it.

Created: 2018-08-23 Last update: 2019-01-18 09:01

2 security issues in buster high

There are 2 open security issues in buster.

2 important issues:

CVE-2018-19351: Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this.
CVE-2018-19352: Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.

Please fix them.

Created: 2018-11-19 Last update: 2018-12-27 15:02

3 security issues in stretch high

There are 3 open security issues in stretch.

2 important issues:

CVE-2018-19351: Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this.
CVE-2018-19352: Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.

1 issue skipped by the security teams:

CVE-2018-8768: In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.

Please fix them.

Created: 2018-03-18 Last update: 2018-12-27 15:02

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2018-19351: Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this.
CVE-2018-19352: Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.

Please fix them.

Created: 2018-11-19 Last update: 2018-12-27 15:02

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2018-12-27 Last update: 2019-01-18 10:39

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2018-09-04 Last update: 2019-01-18 06:16

9 new commits since last upload, time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 5.6.0-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 47ab18289f56f05cc986180353fa106c2e6b5ab3
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon Aug 27 15:11:04 2018 +0200

    Use 'python3 -m sphinx' instead of sphinx-build for building docs

commit fd57c5960bf77b4cff9d441c31fa05c722f9b4cc
Author: Ondřej Nový <onovy@debian.org>
Date:   Wed Aug 8 09:20:36 2018 +0200

    d/changelog: Remove trailing whitespaces

commit 63db56eec93fa64839c4774067914be980cc722f
Author: Gordon Ball <gordon@chronitis.net>
Date:   Tue Jul 24 13:21:37 2018 +0000

    Update xterm layout in static/components

commit b781a04e5973872fac87eb9de7644550628ed81a
Author: Gordon Ball <gordon@chronitis.net>
Date:   Tue Jul 24 13:00:12 2018 +0000

    Refresh patches

commit 41e665a546c92d1c9b0f0418e5b70310e284064b
Author: Gordon Ball <gordon@chronitis.net>
Date:   Tue Jul 24 12:59:08 2018 +0000

    New upstream: 5.6.0

commit caa994e6e0fbef3a70e2ccba4cfa70b7fb407f37
Merge: 132d701 b40e081
Author: Gordon Ball <gordon@chronitis.net>
Date:   Tue Jul 24 12:58:31 2018 +0000

    Update upstream source from tag 'upstream/5.6.0'
    
    Update to upstream version '5.6.0'
    with Debian dir f813e76d2716d8959701c80c320b44cdf67214ac

commit b40e08176c397f4bb1aa35f159c01e1a73fcb2a0
Author: Gordon Ball <gordon@chronitis.net>
Date:   Tue Jul 24 12:58:09 2018 +0000

    New upstream version 5.6.0

commit 132d701c7353b9279e8c85bf6af2f95ee81ac2ee
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon May 14 08:02:44 2018 +0200

    d/control: Remove ancient X-Python3-Version field

commit 495c4f822eaf3e7383e4e49d2826b04bd51b3bdf
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon May 14 08:02:43 2018 +0200

    d/control: Remove ancient X-Python-Version field

Created: 2018-05-14 Last update: 2019-01-18 01:58

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-05-09 Last update: 2018-05-09 07:46

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.1.3).

Created: 2018-04-16 Last update: 2018-12-23 17:15

news

[rss feed]

[2018-04-09] jupyter-notebook 5.4.1-1 MIGRATED to testing (Debian testing watch)
[2018-04-03] Accepted jupyter-notebook 5.4.1-1 (source all) into unstable (Gordon Ball)
[2018-03-11] jupyter-notebook 5.4.0-1 MIGRATED to testing (Debian testing watch)
[2018-03-11] jupyter-notebook 5.4.0-1 MIGRATED to testing (Debian testing watch)
[2018-03-05] Accepted jupyter-notebook 5.4.0-1 (source all) into unstable (Gordon Ball)
[2017-12-12] jupyter-notebook 5.2.2-1 MIGRATED to testing (Debian testing watch)
[2017-12-06] Accepted jupyter-notebook 5.2.2-1 (source all) into unstable (Gordon Ball)
[2017-11-29] jupyter-notebook 5.2.1-2 MIGRATED to testing (Debian testing watch)
[2017-11-23] Accepted jupyter-notebook 5.2.1-2 (source all) into unstable (Gordon Ball)
[2017-11-22] jupyter-notebook 5.2.1-1 MIGRATED to testing (Debian testing watch)
[2017-11-16] Accepted jupyter-notebook 5.2.1-1 (source all) into unstable (Gordon Ball)
[2017-11-14] jupyter-notebook 5.1.0-2 MIGRATED to testing (Debian testing watch)
[2017-11-08] Accepted jupyter-notebook 5.1.0-2 (all source) into unstable, unstable (Gordon Ball) (signed by: Ximin Luo)
[2017-11-05] Accepted jupyter-notebook 5.1.0-1 (source) into unstable (Gordon Ball)
[2017-03-31] Accepted jupyter-notebook 4.2.3-4~bpo8+1 (source all) into jessie-backports->backports-policy, jessie-backports (Andreas Tille)
[2017-01-18] jupyter-notebook 4.2.3-4 MIGRATED to testing (Debian testing watch)
[2017-01-07] Accepted jupyter-notebook 4.2.3-4 (source) into unstable (Gordon Ball)
[2016-12-23] jupyter-notebook 4.2.3-3 MIGRATED to testing (Debian testing watch)
[2016-12-12] Accepted jupyter-notebook 4.2.3-3 (source) into unstable (Ximin Luo)
[2016-12-07] Accepted jupyter-notebook 4.2.3-2 (source all) into unstable (Ximin Luo)
[2016-12-05] Accepted jupyter-notebook 4.2.3-1 (source all) into unstable (Gordon Ball) (signed by: "Tobias Hansen")

bugs [bug history graph]

all: 9
RC: 1
I&N: 8
M&W: 0
F&P: 0
patch: 2

links

homepage
lintian (0, 2)
buildd: logs, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.4.1-1
1 bug