jupyter-notebook - Debian Package Tracker

general

source: jupyter-notebook (main)
version: 6.4.12-2.1
maintainer: Debian Python Team (DMD)
uploaders: Gordon Ball [DMD]
arch: all
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 4.2.3-4
o-o-sec: 4.2.3-4+deb9u2
oldstable: 5.7.8-1
stable: 6.2.0-1
testing: 6.4.12-2.1
unstable: 6.4.12-2.1

versioned links

4.2.3-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.2.3-4+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.7.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.2.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.4.12-2.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

jupyter-notebook (8 bugs: 0, 7, 1, 0)
python-notebook-doc
python3-notebook

action needed

A new upstream version is available: 7.0.0~a18 high

A new upstream version 7.0.0~a18 is available, you should consider packaging it.

Created: 2022-03-13 Last update: 2023-04-01 00:02

The VCS repository is not up to date, push the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits and/or your tags, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2022-10-15 Last update: 2023-03-30 04:38

lintian reports 2 errors and 40 warnings high

Lintian reports 2 errors and 40 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2022-10-01 Last update: 2023-02-18 03:37

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2020-09-27 Last update: 2023-03-31 19:35

AppStream hints: 1 warning normal

AppStream found metadata issues for packages:

jupyter-notebook: 1 warning

You should get rid of them to provide more metadata about this software.

Created: 2021-09-16 Last update: 2021-09-16 14:34

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

python-notebook-doc could be marked Multi-Arch: foreign

Created: 2022-11-11 Last update: 2023-03-31 19:37

3 low-priority security issues in bullseye low

There are 3 open security issues in bullseye.

3 issues left for the package maintainer to handle:

CVE-2021-32798: (needs triaging) The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim computer using Jupyter APIs.
CVE-2022-24758: (needs triaging) The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter notebook version 6.4.x contains a patch for this issue. There are currently no known workarounds.
CVE-2022-29238: (needs triaging) Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were 'hidden' but not 'inaccessible'). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed. Because fully authenticated requests are required, this is of relatively low impact. But if a server's root directory contains sensitive files whose only protection from the server is being hidden (e.g. `~/.ssh` while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege escalation or increase in information access, only an additional, unintended means by which the files could be accessed. Version 6.4.12 contains a patch for this issue. There are currently no known workarounds.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2023-03-27 11:06

debian/patches: 17 patches to forward upstream low

Among the 17 debian patches available in version 6.4.12-2.1 of the package, we noticed the following issues:

17 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-02-26 15:54

Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2020-02-26 Last update: 2022-01-30 06:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.6.0).

Created: 2022-05-11 Last update: 2022-12-17 19:18

news

[rss feed]

[2022-10-17] jupyter-notebook 6.4.12-2.1 MIGRATED to testing (Debian testing watch)
[2022-10-15] Accepted jupyter-notebook 6.4.12-2.1 (source) into unstable (Michael Biebl)
[2022-10-03] jupyter-notebook 6.4.12-2 MIGRATED to testing (Debian testing watch)
[2022-09-30] Accepted jupyter-notebook 6.4.12-2 (source) into unstable (Gordon Ball)
[2022-09-30] Accepted jupyter-notebook 6.4.12-1 (source) into unstable (Gordon Ball)
[2022-05-09] jupyter-notebook 6.4.8-2 MIGRATED to testing (Debian testing watch)
[2022-05-03] Accepted jupyter-notebook 6.4.8-2 (source) into unstable (Julien Puydt)
[2022-01-31] jupyter-notebook 6.4.8-1 MIGRATED to testing (Debian testing watch)
[2022-01-28] Accepted jupyter-notebook 6.4.8-1 (source) into unstable (Gordon Ball)
[2022-01-20] jupyter-notebook 6.4.5-4 MIGRATED to testing (Debian testing watch)
[2022-01-17] Accepted jupyter-notebook 6.4.5-4 (source) into unstable (Gordon Ball)
[2022-01-13] jupyter-notebook 6.4.5-3 MIGRATED to testing (Debian testing watch)
[2022-01-13] jupyter-notebook 6.4.5-3 MIGRATED to testing (Debian testing watch)
[2022-01-10] Accepted jupyter-notebook 6.4.5-3 (source) into unstable (Gordon Ball)
[2021-11-09] jupyter-notebook 6.4.5-2 MIGRATED to testing (Debian testing watch)
[2021-11-06] Accepted jupyter-notebook 6.4.5-2 (source) into unstable (Gordon Ball)
[2021-10-26] jupyter-notebook 6.4.5-1 MIGRATED to testing (Debian testing watch)
[2021-10-22] Accepted jupyter-notebook 6.4.5-1 (source) into unstable (Gordon Ball)
[2021-10-08] Accepted jupyter-notebook 6.4.4-1 (source) into unstable (Gordon Ball)
[2021-09-15] Accepted jupyter-notebook 6.4.3-1 (source) into unstable (Gordon Ball)
[2021-01-20] jupyter-notebook 6.2.0-1 MIGRATED to testing (Debian testing watch)
[2021-01-17] Accepted jupyter-notebook 6.2.0-1 (source) into unstable (Gordon Ball)
[2021-01-16] jupyter-notebook 6.1.6-2 MIGRATED to testing (Debian testing watch)
[2021-01-16] jupyter-notebook 6.1.6-2 MIGRATED to testing (Debian testing watch)
[2021-01-12] Accepted jupyter-notebook 6.1.6-2 (source) into unstable (Gordon Ball)
[2021-01-12] jupyter-notebook 6.1.6-1 MIGRATED to testing (Debian testing watch)
[2020-12-26] Accepted jupyter-notebook 6.1.6-1 (source) into unstable (Gordon Ball)
[2020-12-02] Accepted jupyter-notebook 4.2.3-4+deb9u2 (source all) into oldstable (Chris Lamb)
[2020-11-18] Accepted jupyter-notebook 4.2.3-4+deb9u1 (source all) into oldstable (Abhijith PA)
[2020-11-13] jupyter-notebook 6.1.5-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 9
RC: 0
I&N: 8
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (2, 40)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (-, 94)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 6.4.12-2.1
1 bug