it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5422-1] jupyter-core security update

From: Aron Xu <aron AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5422-1] jupyter-core security update
Date: Fri, 09 Jun 2023 07:26:17 +0000
Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/E1q7WVl-00C91M-4r AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=t9+Ke/nJIN3r/71oJQE/EK+EdczoaHb1qt+ivUxdYCI=; b=hn npZSjWztW2pzmC23gY106YpcNzkHG5yvtu5LXaAZZ6ivl8xA3LC7mwbxbzSj9uzRc+nkwW+uBCNIs liYOztkSioRWlARv+2mBJQ88VY7P33AP95QnYor3mkJb/xjK0nOtFs7LZqXQCyAUKHdKO2MVGpyKm i/gAeaZavkVye+hXgR86huKHTVwUAKhfcIswdu/qreApBGXumEx2w55gAtHvxpL0UZbmLqDvmn0Nn ztDet3lV6eo0FFxhNpAJOJt0Qs8I7dJrdNT4McISH23S6Qlz4hGkF1bDfTlG0GNF89+TGtxP9e76B sslVMf/VXh84/erU+3qDAcrOdf7Hwl4A==;
Old-return-path: <aron AT seger.debian.org>
Priority: urgent
Resent-date: Fri, 9 Jun 2023 07:26:40 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <oQjZGqQaW4.A.tFG.wQtgkB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5422-1 security AT debian.org
https://www.debian.org/security/ Aron Xu
June 09, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : jupyter-core
CVE ID : CVE-2022-39286
Debian Bug : 1023361

It was discovered that jupyter-core, the core common functionality for
Jupyter projects, could execute arbitrary code in the current working
directory while loading configuration files.

For the stable distribution (bullseye), this problem has been fixed in
version 4.7.1-1+deb11u1.

We recommend that you upgrade your jupyter-core packages.

For the detailed security status of jupyter-core please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jupyter-core

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmSC094ACgkQO1LKKgqv
2VQqmAf7BuaSZZoh8XI6RUFVbwi0NSsFUVY0x4lLIUr49M+qpZoRsUxLAqjeAsqA
nLONXNZeqRmL/lCL/4dZ1BvP0D3lW7DaKzP25D9HhamuBMo/8Uvcn/jKhTW+SwXG
5qzJoN1XrHHN9ye/yFUd3em+wgZwlOUWVRAICTmnw0s1IA2Z1Urx5qIOD0wphuPw
g2QeluVVXlhUDVm8fd0EHi2LupnukIfe4BnPvKtPPrt6wNYxiUEICrXsf21HV/xq
07J3MmyJwNmJKw4+GhqDVhcbLW/tWwp51ux+nHXoHOR2GVILwVW1+qp24BOo6ecq
G2VldohIy0T8eMebBH9ojICKHT+bpA==
=S5gL
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5422-1] jupyter-core security update, Aron Xu, 09.06.2023

Archiv bereitgestellt durch MHonArc 2.6.24.