Package "jupyter-notebook"

  jupyter-notebook (6.4.8-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Crafted link to login page redirects to malicious site
    (LP: #1982670)
    - debian/patches/CVE-2019-10856.patch: Handle empty netloc being
      interpreted as first path part being the netloc by buggy browsers.
    - CVE-2019-10856
  * SECURITY UPDATE: Sensitive information disclosure leading to unauthorized
    access (LP: #1982670)
    - debian/patches/CVE-2022-24758.patch: Log only a non-sensitive subset of
      the headers when a HTTP 5xx error other than HTTP 502 is triggered.
    - CVE-2022-24758
  * SECURITY UPDATE: Access to hidden files or to files in hidden directories
    (LP: #1982670)
    - debian/patches/CVE-2022-29238-1.patch: Add checks for hidden file or path on
      file get.
    - debian/patches/CVE-2022-29238-2.patch: added hidden checks on
      FileContentsManager and accompanying tests.
    - debian/patches/CVE-2022-29238-3.patch: Added hidden checks on
      notebook/services/contents/handlers.py and accompanying tests.
    - debian/patches/CVE-2022-29238-4.patch: Update log message to mention
      hidden directories.
    - debian/patches/CVE-2022-29238-5.patch: Update error messages to not
      mention hidden files.
    - CVE-2022-29238
  * debian/source/lintian-overrides: Update to fix Lintian warnings.

 -- Luís Infante da Câmara <email address hidden> Fri, 29 Jul 2022 21:35:10 +0100