ipython: CVE-2015-5607: cross-site request forgery

Related Vulnerabilities: CVE-2015-5607  

Debian Bug report logs - #793123

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 21 Jul 2015 13:45:01 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in version ipython/0.13.1-1

Fixed in version 2.4.1-1

Done: Moritz Muehlenhoff <jmm@inutil.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#793123; Package src:ipython. (Tue, 21 Jul 2015 13:45:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Tue, 21 Jul 2015 13:45:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ipython: CVE-2015-5607: cross-site request forgery
Date: Tue, 21 Jul 2015 15:40:46 +0200
Source: ipython
Version: 0.13.1-1
Severity: important
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for ipython. Creating new
bug, cf. #789824, due to different affected versions.

CVE-2015-5607[0]:
cross-site request forgery

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-5607
[1] http://www.openwall.com/lists/oss-security/2015/07/21/3

Regards,
Salvatore



Reply sent to Moritz Muehlenhoff <jmm@inutil.org>:
You have taken responsibility. (Fri, 29 Apr 2016 13:27:13 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 29 Apr 2016 13:27:13 GMT)


Message #10 received at 793123-done@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: 793123-done@bugs.debian.org
Subject: Re: ipython: CVE-2015-5607: cross-site request forgery
Date: Fri, 29 Apr 2016 15:25:20 +0200
Version: 2.4.1-1

On Tue, Jul 21, 2015 at 03:40:46PM +0200, Salvatore Bonaccorso wrote:
> Source: ipython
> Version: 0.13.1-1
> Severity: important
> Tags: security upstream fixed-upstream
> 
> Hi,
> 
> the following vulnerability was published for ipython. Creating new
> bug, cf. #789824, due to different affected versions.
> 
> CVE-2015-5607[0]:
> cross-site request forgery
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Fixed in 2.4.1-1, which includes
https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0

Cheers,
        Moritz



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 28 May 2016 07:27:38 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:31:53 2019; Machine Name: beach
