ipython: CVE-2015-6938: XSS vulnerability

Related Vulnerabilities: CVE-2015-6938   CVE-2015-4707  

Debian Bug report logs - #798886

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Sun, 13 Sep 2015 20:12:20 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version ipython/0.13.1-1

Fixed in version ipython/2.4.1-1

Done: Julian Taylor <jtaylor.debian@googlemail.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#798886; Package src:ipython. (Sun, 13 Sep 2015 20:12:24 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Sun, 13 Sep 2015 20:12:24 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: cross-site request forgery (no CVE yet)
Date: Sun, 13 Sep 2015 22:06:54 +0200
Source: ipython
Severity: grave
Tags: security

Please see http://www.openwall.com/lists/oss-security/2015/09/02/3

Cheers,
        Moritz



Marked as found in versions ipython/0.13.1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 14 Sep 2015 20:18:03 GMT)


Changed Bug title to 'ipython: CVE-2015-6938: XSS vulnerability' from 'cross-site request forgery (no CVE yet)' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 14 Sep 2015 20:18:04 GMT)


Added tag(s) fixed-upstream and upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 14 Sep 2015 20:18:05 GMT)


Reply sent to Julian Taylor <jtaylor.debian@googlemail.com>:
You have taken responsibility. (Thu, 07 Jan 2016 22:21:31 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 07 Jan 2016 22:21:31 GMT)


Message #16 received at 798886-close@bugs.debian.org:

From: Julian Taylor <jtaylor.debian@googlemail.com>
To: 798886-close@bugs.debian.org
Subject: Bug#798886: fixed in ipython 2.4.1-1
Date: Thu, 07 Jan 2016 22:19:32 +0000
Source: ipython
Source-Version: 2.4.1-1

We believe that the bug you reported is fixed in the latest version of
ipython, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 798886@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Taylor <jtaylor.debian@googlemail.com> (supplier of updated ipython package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 06 Jan 2016 15:47:58 +0100
Source: ipython
Binary: ipython ipython3 ipython-qtconsole ipython3-qtconsole ipython-notebook-common ipython-notebook ipython3-notebook ipython-doc
Architecture: source all
Version: 2.4.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Julian Taylor <jtaylor.debian@googlemail.com>
Description:
 ipython    - enhanced interactive Python shell
 ipython-doc - enhanced interactive Python shell - Documentation
 ipython-notebook - interactive Python html notebook
 ipython-notebook-common - interactive Python html notebook data package
 ipython-qtconsole - enhanced interactive Python shell - Qt console
 ipython3   - enhanced interactive Python 3 shell
 ipython3-notebook - interactive Python 3 html notebook
 ipython3-qtconsole - enhanced interactive Python 3 shell - Qt console
Closes: 789824 798886 803082
Changes:
 ipython (2.4.1-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #803082)
   * add backported patches to support python3.5
   * fix CVE-2015-6938: XSS vulnerability (Closes: #798886)
   * fix CVE-2015-4707: XSS in JSON error responses (Closes: #789824)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 05 Dec 2016 11:20:57 GMT)


Bug unarchived. Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. (Wed, 07 Dec 2016 01:42:56 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 16 Jul 2017 07:53:57 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:01:42 2019; Machine Name: buxtehude
