A new upstream version 7.16.2 is available, you should consider packaging it.
debian/patches: 2 patches with invalid metadata, 5 patches to forward upstream
high
Among the 11 debian patches
available in version 6.5.3-4 of the package,
we noticed the following issues:
2 patches with
invalid metadata that ought to be fixed.
5 patches
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.
CVE-2021-32862:
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer).