[Git][security-tracker-team/security-tracker][master] Marked CVE-2018-19352 as not-affected. Vulnerable code introduced

Abhijith PA abhijith at debian.org
Mon Nov 2 06:59:53 GMT 2020 


Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3892e3d4 by Abhijith PA at 2020-11-02T12:27:47+05:30
Marked CVE-2018-19352 as not-affected. Vulnerable code introduced
after 4.2.3 (stretch version). See commit https://github.com/jupyter/notebook/commit/9ce534c020da37e6c8367884133eece5efc9ca82

Remove no-dsa tag for CVE-2018-8768

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -125418,6 +125418,7 @@ CVE-2018-19353 (The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.
 	NOT-FOR-US: libansilove
 CVE-2018-19352 (Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name  ...)
 	- jupyter-notebook 5.7.4-1 (bug #917408)
+	[stretch] - jupyter-notebook <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648
 CVE-2018-19351 (Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook bec ...)
 	- jupyter-notebook 5.7.4-1 (bug #917409)
@@ -154186,7 +154187,6 @@ CVE-2017-18239 (A time-sensitive equality check on the JWT signature in the Json
 	NOT-FOR-US: authentikat-jwt
 CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook file c ...)
 	- jupyter-notebook 5.4.1-1 (bug #893436)
-	[stretch] - jupyter-notebook <no-dsa> (Minor issue)
 	- ipython 5.1.0-2
 	[jessie] - ipython <no-dsa> (Minor issue)
 	[wheezy] - ipython <ignored> (Too invasive to fix)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3892e3d41ad137d12c43eeaf1d23579702e4ca5e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3892e3d41ad137d12c43eeaf1d23579702e4ca5e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201102/19660b45/attachment.html>

More information about the debian-security-tracker-commits mailing list