[Git][security-tracker-team/security-tracker][master] jupyterhub entered the archive

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 27 12:36:56 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
527b6b05 by Salvatore Bonaccorso at 2021-11-27T13:36:30+01:00
jupyterhub entered the archive

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10432,7 +10432,9 @@ CVE-2021-41249 (GraphQL Playground is a GraphQL IDE for development of graphQL f
 CVE-2021-41248 (GraphiQL is the reference implementation of this monorepo, GraphQL IDE ...)
 	NOT-FOR-US: GraphiQL
 CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter notebooks.  ...)
-	NOT-FOR-US: JupyterHub
+	- jupyterhub <unfixed>
+	NOTE: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7
+	NOTE: https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
 CVE-2021-41246
 	RESERVED
 CVE-2021-41245
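Review bot: the new `- jupyterhub <unfixed>` line under CVE-2021-41247 has no Debian bug reference, unlike the `(bug #925939)` form used for jupyter-notebook further down in this same change. The NOTE lines give the upstream advisory and the fixing commit but not the upstream release that contains it. Adding that release in a NOTE would make it easier to compare the version that entered the archive against the fix and to replace `<unfixed>` once a fixed upload exists.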
@@ -53064,7 +53066,8 @@ CVE-2021-23922 (An issue was discovered in Devolutions Remote Desktop Manager be
 CVE-2021-23921 (An issue was discovered in Devolutions Server before 2020.3. There is  ...)
 	NOT-FOR-US: Devolutions Server
 CVE-2020-36191 (JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lac ...)
-	NOT-FOR-US: JupyterHub
+	- jupyterhub <unfixed>
+	NOTE: https://github.com/jupyterhub/jupyterhub/issues/3304
 CVE-2020-36190 (RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows  ...)
 	NOT-FOR-US: RailsAdmin
 CVE-2021-3134 (Mubu 2.2.1 allows local users to gain privileges to execute commands,  ...)
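Review bot: under CVE-2020-36191 the only reference added is the upstream issue, with no fixing commit or fixed version, so the `<unfixed>` status cannot be checked against anything in the entry. The description names JupyterHub 1.1.0. A NOTE stating whether the version in the archive is affected, or linking the upstream fix if one exists, would make the status verifiable.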
@@ -172443,6 +172446,7 @@ CVE-2019-10256 (An authentication bypass vulnerability in VIVOTEK IPCam versions
 CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Notebook be ...)
 	- jupyter-notebook 5.7.8-1 (bug #925939)
 	[stretch] - jupyter-notebook <no-dsa> (Intrusive to backport)
+	- jupyterhub <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb
 	NOTE: https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b
 	NOTE: When adressing this issue make sure to not open CVE-2019-10856 and apply the
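Review bot: the `- jupyterhub <not-affected> (Fixed before initial upload to Debian)` line added under CVE-2019-10255 has no supporting reference, since the commit NOTE lines that follow point only to jupyter/notebook. Add a NOTE with the jupyterhub upstream commit or release that fixed the open redirect so the not-affected claim can be verified from the entry itself.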



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/527b6b056689964b4fa6b817ab788646c9147424
