[Debian-pan-maintainers] Bug#1082871: jupyterlab: CVE-2024-43805
Sylvain Beucler
beuc at beuc.net
Tue Nov 19 16:08:56 GMT 2024
Hi,
I'm part of the Debian LTS Team and I'm trying to identify the fix.
Checking 4.2.5 and 3.6.8 history:
https://github.com/jupyterlab/jupyterlab/commits/4.2.x/
https://github.com/jupyterlab/jupyterlab/commits/3.6.x/
the only common commit appears to be the mysterious
"Merge commit from fork":
https://github.com/jupyterlab/jupyterlab/commit/88e24baac551196f9cb3de16bd060a7ab1597674
https://github.com/jupyterlab/jupyterlab/commit/06ad9de836f155add7d3d651ef936cc4c5ea8093
which does seem related to HTML filtering and DOM clobbering.
Do you concur?
Cheers!
Sylvain Beucler
Debian LTS Team