[Git][security-tracker-team/security-tracker][master] CVE-2018-1935{1,2}/jupyter-notebook
Salvatore Bonaccorso
carnil at debian.org
Sun Nov 18 20:36:16 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a6a9636f by Salvatore Bonaccorso at 2018-11-18T20:31:23Z
CVE-2018-1935{1,2}/jupyter-notebook
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,9 +13,11 @@ CVE-2018-19354
CVE-2018-19353 (The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 ...)
NOT-FOR-US: libansilove
CVE-2018-19352 (Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name ...)
- TODO: check
+ - jupyter-notebook <unfixed>
+ NOTE: https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648
CVE-2018-19351 (Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook ...)
- TODO: check
+ - jupyter-notebook <unfixed>
+ NOTE: https://github.com/jupyter/notebook/commit/107a89fce5f413fb5728c1c5d2c7788e1fb17491
CVE-2008-7320 (** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate ...)
- seahorse <unfixed> (unimportant)
NOTE: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a6a9636f6073b84f19f3abca09f40ecb90fc8ee3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a6a9636f6073b84f19f3abca09f40ecb90fc8ee3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181118/3b11f3b7/attachment.html>
More information about the debian-security-tracker-commits
mailing list