author | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-27 13:36:30 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-27 13:36:30 +0100 |
commit | 064626bad91bde8a6d0a7af0eceea0600dcc9929 (patch) | |
tree | d2d2cf350bfc87043716af639f5e1bd942415f82 | |
parent | 58b26ad9bf8c7327be7cf1e382cd7bf90b7e99e3 (diff) |
jupyterhub entered the archive
-rw-r--r-- | data/CVE/list.2019 | 1 |
-rw-r--r-- | data/CVE/list.2020 | 3 |
-rw-r--r-- | data/CVE/list.2021 | 4 |
3 files changed, 6 insertions, 2 deletions
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index 0d164e4943..fcc2139438 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -28357,6 +28357,7 @@ CVE-2019-10256 (An authentication bypass vulnerability in VIVOTEK IPCam versions CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Notebook be ...) - jupyter-notebook 5.7.8-1 (bug #925939) [stretch] - jupyter-notebook <no-dsa> (Intrusive to backport) + - jupyterhub <not-affected> (Fixed before initial upload to Debian) NOTE: https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb NOTE: https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b NOTE: When adressing this issue make sure to not open CVE-2019-10856 and apply the diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 2ac8dc6e07..2cd87fffb0 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -859,7 +859,8 @@ CVE-2020-36194 (An XSS vulnerability has been reported to affect QNAP NAS runnin CVE-2020-36192 (An issue was discovered in the Source Integration plugin before 2.4.1 ...) NOT-FOR-US: Source Integration plugin for MantisBT CVE-2020-36191 (JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lac ...) - NOT-FOR-US: JupyterHub + - jupyterhub <unfixed> + NOTE: https://github.com/jupyterhub/jupyterhub/issues/3304 CVE-2020-36190 (RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows ...) NOT-FOR-US: RailsAdmin CVE-2020-36189 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 060c4f0a13..a90c668c21 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 
@@ -6960,7 +6960,9 @@ CVE-2021-41249 (GraphQL Playground is a GraphQL IDE for development of graphQL f CVE-2021-41248 (GraphiQL is the reference implementation of this monorepo, GraphQL IDE ...) NOT-FOR-US: GraphiQL CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter notebooks. ...) - NOT-FOR-US: JupyterHub + - jupyterhub <unfixed> + NOTE: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7 + NOTE: https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27 CVE-2021-41246 RESERVED CVE-2021-41245 |
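Review bot: In the data/CVE/list.2019 hunk, the added `- jupyterhub <not-affected> (Fixed before initial upload to Debian)` line under CVE-2019-10255 has no jupyterhub-side reference for the fix; both existing NOTE lines point at jupyter/notebook commits. Add a NOTE with the jupyterhub commit or release that carries the fix, so the not-affected claim can be checked against the version that was uploaded.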
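Review bot: In the data/CVE/list.2020 hunk, CVE-2020-36191 moves from NOT-FOR-US to `- jupyterhub <unfixed>` with only the upstream issue (jupyterhub/jupyterhub/issues/3304) as a reference, while the description names JupyterHub 1.1.0. Record whether the version now in the archive is still affected, and add a NOTE for the fixing commit once one is identified, as the list.2021 hunk does for CVE-2021-41247.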
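Review bot: In the data/CVE/list.2021 hunk, CVE-2021-41247 is marked `- jupyterhub <unfixed>` without a Debian bug reference, although a fix commit is already cited in the second NOTE. Consider filing a bug against jupyterhub and recording it in the `(bug #NNNNNN)` form used on the jupyter-notebook line in list.2019 (NNNNNN is a placeholder here), so the maintainer has a tracked pointer to the upstream fix.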