pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/py-notebook py-notebook: updated to 5.7.6
details: https://anonhg.NetBSD.org/pkgsrc/rev/56dc23e57e9f
branches: trunk
changeset: 393683:56dc23e57e9f
user: adam <adam%pkgsrc.org@localhost>
date: Fri Mar 22 17:55:05 2019 +0000
description:
py-notebook: updated to 5.7.6
5.7.6
5.7.6 contains a security fix for a cross-site inclusion (XSSI) vulnerability,
where files at a known URL could be included in a page from an unauthorized website if the user is logged into a Jupyter server.
The fix involves setting the X-Content-Type-Options: nosniff
header, and applying CSRF checks previously on all non-GET
API requests to GET requests to API endpoints and the /files/ endpoint.
The attacking page is able to access some contents of files when using Internet Explorer through script errors,
but this has not been demonstrated with other browsers.
A CVE has been requested for this vulnerability.
5.7.5
- Fix compatibility with tornado 6
- Fix opening integer filedescriptor during startup on Python 2
- Fix compatibility with asynchronous KernelManager.restart_kernel methods
diffstat:
www/py-notebook/Makefile | 5 ++---
www/py-notebook/distinfo | 10 +++++-----
2 files changed, 7 insertions(+), 8 deletions(-)
diffs (29 lines):
diff -r 03ca678870c1 -r 56dc23e57e9f www/py-notebook/Makefile
--- a/www/py-notebook/Makefile Fri Mar 22 17:53:10 2019 +0000
+++ b/www/py-notebook/Makefile Fri Mar 22 17:55:05 2019 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.12 2019/01/08 10:49:30 markd Exp $
+# $NetBSD: Makefile,v 1.13 2019/03/22 17:55:05 adam Exp $
-DISTNAME= notebook-5.7.4
+DISTNAME= notebook-5.7.6
PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
-PKGREVISION= 1
CATEGORIES= www python
MASTER_SITES= ${MASTER_SITE_PYPI:=n/notebook/}
diff -r 03ca678870c1 -r 56dc23e57e9f www/py-notebook/distinfo
--- a/www/py-notebook/distinfo Fri Mar 22 17:53:10 2019 +0000
+++ b/www/py-notebook/distinfo Fri Mar 22 17:55:05 2019 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.8 2019/01/02 15:32:41 adam Exp $
+$NetBSD: distinfo,v 1.9 2019/03/22 17:55:05 adam Exp $
-SHA1 (notebook-5.7.4.tar.gz) = 1be311bcee44c06f4ac4ec8c4cd59ba15504e585
-RMD160 (notebook-5.7.4.tar.gz) = 29c92f292c99e0c1211562499a730e51f6baffb4
-SHA512 (notebook-5.7.4.tar.gz) = e91bcc950055a670ddc966e52e44543de46eb806a55a468053de0b4b92868b3e9551aac51283c502c8bd7c4bfac41e108d81c6d1b32d117fe4a2c2625ffed7ee
-Size (notebook-5.7.4.tar.gz) = 13389469 bytes
+SHA1 (notebook-5.7.6.tar.gz) = f6d31d620b2817ca99e9e0f6685543effdc4185f
+RMD160 (notebook-5.7.6.tar.gz) = bfe058dcc54e0be016df47ca8f3837a09f89c54f
+SHA512 (notebook-5.7.6.tar.gz) = 3382dad95a0fd3de99b96c3a05a0d931fd99829320ef38760e70193b4162d4168459463d399fc066d5606e292462fee0c663ba7763b6f6834fce2c749533a017
+Size (notebook-5.7.6.tar.gz) = 13369646 bytes
Home |
Main Index |
Thread Index |
Old Index