On 11/19/24 17:08, Sylvain Beucler wrote:
Hi,

I'm part of the Debian LTS Team and I'm trying to identify the fix.

Checking 4.2.5 and 3.6.8 history:
https://github.com/jupyterlab/jupyterlab/commits/4.2.x/
https://github.com/jupyterlab/jupyterlab/commits/3.6.x/

the only common commit appears to be the mysterious
"Merge commit from fork" :
https://github.com/jupyterlab/jupyterlab/commit/88e24baac551196f9cb3de16bd060a7ab1597674
https://github.com/jupyterlab/jupyterlab/commit/06ad9de836f155add7d3d651ef936cc4c5ea8093

which does seem related to HTML filtering and DOM clobbering.

Do you concur?

Cheers!
Sylvain Beucler
Debian LTS Team
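For readers who want to check what "DOM clobbering" means in the context of the HTML filtering mentioned above, here is a small added illustration. It is not part of this thread and not JupyterLab's own sanitizer: elements injected through untrusted HTML that carry an `id` (exposed as a named property on `window`) or a `name` on elements such as `form`, `img`, `embed`, `object` and `iframe` (exposed on `document`, and on the enclosing form for form controls) can shadow properties that page scripts later read, and stripping those attributes from untrusted markup is the usual mitigation. The tokenizer below is a deliberately minimal regex scanner written for the demo, the tag list is my conservative choice rather than any project's list, and the sample markup is constructed.

```javascript
// Added example: detecting and stripping DOM-clobbering attributes from an
// untrusted HTML string. Not JupyterLab code; the tag list and the regex
// tokenizer are assumptions made for this illustration only.

// Elements whose `name` attribute becomes a property of `document` (or of the
// enclosing form, for form controls) once the markup is inserted into a page.
// Any element's `id` becomes a named property of `window`.
const NAME_EXPOSING_TAGS = new Set([
  "form", "img", "embed", "object", "iframe",
  "input", "button", "select", "textarea",
]);

// Minimal tag scanner: <closing?><tag><attribute text><self-close?>>.
// Good enough for a demo; a real sanitizer must use a proper HTML parser.
const TAG_RE = /<(\/?)([a-zA-Z][\w:-]*)([^>]*?)(\/?)>/g;
// Attribute scanner: name, optional ="..." / ='...' / =bare value.
const ATTR_RE = /([^\s=\/>"']+)(\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?/g;

function parseAttrs(attrText) {
  const attrs = [];
  for (const m of attrText.matchAll(ATTR_RE)) {
    let value = m[2] ? m[2].replace(/^\s*=\s*/, "") : "";
    if (/^["']/.test(value)) value = value.slice(1, -1);
    attrs.push({ name: m[1].toLowerCase(), value, raw: m[0] });
  }
  return attrs;
}

function isClobberingAttr(tag, attrName) {
  return attrName === "id" ||
    (attrName === "name" && NAME_EXPOSING_TAGS.has(tag));
}

// Report every attribute in `html` that would clobber a DOM/global property.
function findClobberingAttributes(html) {
  const hits = [];
  for (const m of html.matchAll(TAG_RE)) {
    if (m[1]) continue; // closing tag, no attributes
    const tag = m[2].toLowerCase();
    for (const a of parseAttrs(m[3])) {
      if (isClobberingAttr(tag, a.name)) {
        hits.push({ tag, attr: a.name, value: a.value });
      }
    }
  }
  return hits;
}

// Rebuild each opening tag without its clobbering attributes; everything
// else (text, closing tags, other attributes) is passed through unchanged.
function stripClobberingAttributes(html) {
  return html.replace(TAG_RE, (full, closing, tag, attrText, selfClose) => {
    if (closing) return full;
    const kept = parseAttrs(attrText)
      .filter((a) => !isClobberingAttr(tag.toLowerCase(), a.name))
      .map((a) => a.raw);
    return "<" + tag + (kept.length ? " " + kept.join(" ") : "") +
      (selfClose ? "/" : "") + ">";
  });
}

// Constructed sample: markup an attacker might embed in a notebook cell or
// Markdown output so that `window.config`, `config.isAdmin` and
// `document.cookie` resolve to elements instead of the values a script expects.
const SAMPLE =
  '<p>Hello</p><form id="config"><input name="isAdmin" value="true"></form>' +
  '<img name="cookie" src="x">';

console.log(findClobberingAttributes(SAMPLE));
console.log(stripClobberingAttributes(SAMPLE));

module.exports = { findClobberingAttributes, stripClobberingAttributes, SAMPLE };
```

Run it with `node` to see the three offending attributes and the cleaned markup; a useful smoke test against a patched build is to render such a string through the application's Markdown/HTML path and confirm the `id`/`name` attributes do not survive.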

Hi,

Yes, I didn't find a better list. However, marking the CVE as fixed just using the mysterious commits makes me doubt...
