author Salvatore Bonaccorso <carnil@debian.org> 2021-11-27 13:36:30 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2021-11-27 13:36:30 +0100
commit 3c1f3ce1de1bb6a5c81a6ee0aed4519ab1b7b790
tree add033f87cb0f25e6648082e4f2fc24f11d88e8e
parent 436898aea3ad983d2b96ce8f35b57c98f823c0f7
jupyterhub entered the archive
-rw-r--r-- data/CVE/2019.list 1
-rw-r--r-- data/CVE/2020.list 3
-rw-r--r-- data/CVE/2021.list 4
3 files changed, 6 insertions, 2 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 0d164e4943..fcc2139438 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -28357,6 +28357,7 @@ CVE-2019-10256 (An authentication bypass vulnerability in VIVOTEK IPCam versions
CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Notebook be ...)
- jupyter-notebook 5.7.8-1 (bug #925939)
[stretch] - jupyter-notebook <no-dsa> (Intrusive to backport)
+ - jupyterhub <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb
NOTE: https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b
NOTE: When adressing this issue make sure to not open CVE-2019-10856 and apply the
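Review bot: the added `- jupyterhub <not-affected> (Fixed before initial upload to Debian)` line has no reference backing it. Both existing NOTE lines point at jupyter/notebook commits, and the CVE description names only Jupyter Notebook. Suggest adding a NOTE with the jupyterhub upstream commit or release that carries the fix, so the not-affected claim can be checked against the version first uploaded. The NOTE that follows also warns about CVE-2019-10856 when applying this fix, so it is worth confirming whether that entry needs a matching jupyterhub line.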
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 2ac8dc6e07..2cd87fffb0 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -859,7 +859,8 @@ CVE-2020-36194 (An XSS vulnerability has been reported to affect QNAP NAS runnin
CVE-2020-36192 (An issue was discovered in the Source Integration plugin before 2.4.1 ...)
NOT-FOR-US: Source Integration plugin for MantisBT
CVE-2020-36191 (JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lac ...)
- NOT-FOR-US: JupyterHub
+ - jupyterhub <unfixed>
+ NOTE: https://github.com/jupyterhub/jupyterhub/issues/3304
CVE-2020-36190 (RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows ...)
NOT-FOR-US: RailsAdmin
CVE-2020-36189 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
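Review bot: the new `- jupyterhub <unfixed>` line under CVE-2020-36191 is backed only by an upstream issue link, while the description scopes the flaw to JupyterHub 1.1.0. Suggest a NOTE stating whether the version that entered the archive falls in the affected range, and adding the fixing commit or release once one is known, so the entry can later be closed with a version instead of staying open-ended.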
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 060c4f0a13..a90c668c21 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -6960,7 +6960,9 @@ CVE-2021-41249 (GraphQL Playground is a GraphQL IDE for development of graphQL f
CVE-2021-41248 (GraphiQL is the reference implementation of this monorepo, GraphQL IDE ...)
NOT-FOR-US: GraphiQL
CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter notebooks. ...)
- NOT-FOR-US: JupyterHub
+ - jupyterhub <unfixed>
+ NOTE: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7
+ NOTE: https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
CVE-2021-41246
RESERVED
CVE-2021-41245
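Review bot: under CVE-2021-41247 the package line is `- jupyterhub <unfixed>` even though the second added NOTE links an upstream jupyterhub commit next to the advisory. Suggest checking the archive version against that commit: if it already contains it, the line should carry the fixed version; if it predates it, a bug reference on the package line, in the same form as the `(bug #925939)` annotation visible in the 2019.list hunk, would make the open issue trackable.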
