Debian Package Tracker - jupyter-notebook

general

source: jupyter-notebook (main)
version: 5.7.8-1
maintainer: Debian Python Modules Team (archive) [DMD]
uploaders: Gordon Ball [DMD] [dm] – Jerome Benoit [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 4.2.3-4
stable: 5.7.8-1
testing: 5.7.8-1
unstable: 5.7.8-1

versioned links

4.2.3-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.7.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

jupyter-notebook (3 bugs: 0, 3, 0, 0)
python-notebook
python-notebook-doc
python3-notebook

action needed

A new upstream version is available: 6.0.0 high

A new upstream version 6.0.0 is available, you should consider packaging it.

Created: 2019-07-19 Last update: 2019-07-22 03:40

5 security issues in stretch high

There are 5 open security issues in stretch.

4 important issues:

CVE-2019-10255: An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.
CVE-2018-19351: Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this.
CVE-2019-9644: An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered.
CVE-2018-19352: Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.

1 issue skipped by the security teams:

CVE-2018-8768: In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.

Please fix them.

Created: 2018-03-18 Last update: 2019-07-07 09:00

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 5.7.8-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 8a17b9849f0326add14527a0388ed740b75a9cb6
Author: Ondřej Nový <onovy@debian.org>
Date:   Sat Jul 20 00:26:23 2019 +0200

    Bump Standards-Version to 4.4.0

commit 4712b00e50a873097f61188e9c01c395d7ee102b
Author: Ondřej Nový <onovy@debian.org>
Date:   Sat Jul 20 00:26:22 2019 +0200

    Use debhelper-compat instead of debian/compat

Created: 2019-07-20 Last update: 2019-07-21 22:22

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.3.0).

Created: 2019-07-08 Last update: 2019-07-08 20:07

testing migrations

This package is part of the ongoing testing transition known as python2-rm. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2019-05-12] jupyter-notebook 5.7.8-1 MIGRATED to testing (Debian testing watch)
[2019-05-06] Accepted jupyter-notebook 5.7.8-1 (source all) into unstable (Gordon Ball)
[2019-04-05] jupyter-notebook 5.7.4-2.1 MIGRATED to testing (Debian testing watch)
[2019-03-30] Accepted jupyter-notebook 5.7.4-2.1 (source) into unstable (Sébastien Villemot)
[2019-03-20] jupyter-notebook 5.7.4-2 MIGRATED to testing (Debian testing watch)
[2019-03-09] Accepted jupyter-notebook 5.7.4-2 (source) into unstable (Andrej Shadura)
[2019-02-24] jupyter-notebook 5.7.4-1 MIGRATED to testing (Debian testing watch)
[2019-02-14] Accepted jupyter-notebook 5.7.4-1 (source all) into unstable (Gordon Ball)
[2018-04-09] jupyter-notebook 5.4.1-1 MIGRATED to testing (Debian testing watch)
[2018-04-03] Accepted jupyter-notebook 5.4.1-1 (source all) into unstable (Gordon Ball)
[2018-03-11] jupyter-notebook 5.4.0-1 MIGRATED to testing (Debian testing watch)
[2018-03-11] jupyter-notebook 5.4.0-1 MIGRATED to testing (Debian testing watch)
[2018-03-05] Accepted jupyter-notebook 5.4.0-1 (source all) into unstable (Gordon Ball)
[2017-12-12] jupyter-notebook 5.2.2-1 MIGRATED to testing (Debian testing watch)
[2017-12-06] Accepted jupyter-notebook 5.2.2-1 (source all) into unstable (Gordon Ball)
[2017-11-29] jupyter-notebook 5.2.1-2 MIGRATED to testing (Debian testing watch)
[2017-11-23] Accepted jupyter-notebook 5.2.1-2 (source all) into unstable (Gordon Ball)
[2017-11-22] jupyter-notebook 5.2.1-1 MIGRATED to testing (Debian testing watch)
[2017-11-16] Accepted jupyter-notebook 5.2.1-1 (source all) into unstable (Gordon Ball)
[2017-11-14] jupyter-notebook 5.1.0-2 MIGRATED to testing (Debian testing watch)
[2017-11-08] Accepted jupyter-notebook 5.1.0-2 (all source) into unstable, unstable (Gordon Ball) (signed by: Ximin Luo)
[2017-11-05] Accepted jupyter-notebook 5.1.0-1 (source) into unstable (Gordon Ball)
[2017-03-31] Accepted jupyter-notebook 4.2.3-4~bpo8+1 (source all) into jessie-backports->backports-policy, jessie-backports (Andreas Tille)
[2017-01-18] jupyter-notebook 4.2.3-4 MIGRATED to testing (Debian testing watch)
[2017-01-07] Accepted jupyter-notebook 4.2.3-4 (source) into unstable (Gordon Ball)
[2016-12-23] jupyter-notebook 4.2.3-3 MIGRATED to testing (Debian testing watch)
[2016-12-12] Accepted jupyter-notebook 4.2.3-3 (source) into unstable (Ximin Luo)
[2016-12-07] Accepted jupyter-notebook 4.2.3-2 (source all) into unstable (Ximin Luo)
[2016-12-05] Accepted jupyter-notebook 4.2.3-1 (source all) into unstable (Gordon Ball) (signed by: "Tobias Hansen")

bugs [bug history graph]

all: 4
RC: 0
I&N: 4
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.7.8-1
2 bugs