Control: tags -1 confirmed

On Sat, Jul 19, 2014 at 13:51:46 +0200, Julian Taylor wrote:
> Package: release.debian.org
> Severity: normal
> Tags: wheezy
> User: release.debian....@packages.debian.org
> Usertags: pu
>
> Hi release team
>
> I would like to update ipython in wheezy to fix CVE-2014-3429
> It is a remote execution flaw via cross origin websockets, but one
> requires a uuid from the process in order to make use of it so it was
> decided by the security team that it's severe enough for a DSA.

Missing "not"?

> But it should still be fixed in stable just in case.
>
> See this page for details of the issue:
> http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython

With one comment below, and assuming this has been tested in a wheezy
environment, feel free to upload.

> diff -Nru ipython-0.13.1/debian/changelog ipython-0.13.1/debian/changelog
> --- ipython-0.13.1/debian/changelog 2012-11-25 20:04:22.000000000 +0100
> +++ ipython-0.13.1/debian/changelog 2014-07-16 20:29:04.000000000 +0200
> @@ -1,3 +1,9 @@
> +ipython (0.13.1-2+deb7u1) stable-security; urgency=medium

Please make that "stable" or "wheezy".

> +
> + * Fix CVE-2014-3429: remote execution via cross origin websocket
> +
> + -- Julian Taylor <jtaylor.deb...@googlemail.com> Wed, 16 Jul 2014 20:27:50
> +0200
> +
> ipython (0.13.1-2) unstable; urgency=low
>
> * update watch file to use github directly

Cheers,
Julien
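
Review bot: the new changelog header line targets "stable-security", which does not match a request filed with "Tags: wheezy" and "Usertags: pu"; for an upload through proposed-updates the distribution field should read "wheezy" (or "stable"). The single entry line "* Fix CVE-2014-3429: remote execution via cross origin websocket" also gives no pointer to what was changed: it would help anyone auditing the stable update if it named the patch file that carries the fix and said in a few words what check the patch adds. Only the debian/changelog hunk is visible here, so the code change itself cannot be reviewed from this mail.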