[Debian-pan-maintainers] Bug#1082871: Bug#1082871: jupyterlab: CVE-2024-43805
Yadd
yadd at debian.org
Tue Nov 19 16:38:09 GMT 2024
On 11/19/24 17:08, Sylvain Beucler wrote:
> Hi,
>
> I'm part of the Debian LTS Team and I'm trying to identify the fix.
>
> Checking 4.2.5 and 3.6.8 history:
> https://github.com/jupyterlab/jupyterlab/commits/4.2.x/
> https://github.com/jupyterlab/jupyterlab/commits/3.6.x/
>
> the only common commit appears to be the mysterious
> "Merge commit from fork":
> https://github.com/jupyterlab/jupyterlab/commit/88e24baac551196f9cb3de16bd060a7ab1597674
> https://github.com/jupyterlab/jupyterlab/commit/06ad9de836f155add7d3d651ef936cc4c5ea8093
>
> which does seem related to HTML filtering and DOM clobbering.
>
> Do you concur?
>
> Cheers!
> Sylvain Beucler
> Debian LTS Team
Hi,
Yes, I didn't find a better list. However, marking the CVE as fixed just
using the mysterious commits makes me doubt...