Ubuntu has issued an advisory today (August 30): https://ubuntu.com/security/notices/USN-5585-1 The issues are fixed upstream in 6.4.12. Mageia 8 is also affected.
Blocks: (none) => 30664
Status comment: (none) => Fixed upstream in 6.4.12
Whiteboard: (none) => MGA8TOO
Upstream advisories: https://github.com/jupyter/notebook/security/advisories/GHSA-m87f-39q9-6f55 https://github.com/jupyter/notebook/security/advisories/GHSA-v7vq-3x77-87vg
Updated in cauldron
Whiteboard: MGA8TOO => (none)
QA Contact: security => yves.brungard_mageia
Version: Cauldron => 8
CC: (none) => yves.brungard_mageia
I applied patches:
https://github.com/jupyter/notebook/commit/c219ce43c1ea25123fa70d264e7735bdf4585b1e
and
https://github.com/jupyter/notebook/commit/a161ffac6bfff2491fe5c4e9f6111256b8b57f08

jupyter-notebook-6.1.6-2.mga8.noarch
python-jupyter-notebook-6.1.6-2.mga8.noarch

Source: jupyter-notebook-6.1.6
Thanks. Bug 30664 still needs to be addressed (at least for this package).
Status comment: Fixed upstream in 6.4.12 => (none)
Release 6.4.12 needs 2 new python modules to be imported into Mageia 8. This is why I had a preference to just patch 6.1.6. But now, Bug 30664 is not so easy to correct with a patch. Is the import of new modules a valid way?
As long as the update isn't too disruptive a change for users, yes, it can be.
Thus I updated to 6.4.12:

jupyter-notebook-6.4.12-1.mga8
python-jupyter-notebook-6.4.12-1.mga8
python3-send2trash-1.8.0-1.mga8
python3-nest-asyncio-1.5.5-1.mga8
Assignee: python => qa-bugs
SRPMS:
jupyter-notebook-6.4.12-1.mga8.src.rpm
python-send2trash-1.8.0-1.mga8.src.rpm
python-nest-asyncio-1.5.5-1.mga8.src.rpm

mga8, x64

Checked report for bug 27705. Installed the release packages and made sure that the notebook server started OK. Running the command `jupyter-notebook` opened a page in the browser pointing at the user's start directory (under Files). The Running tab said that no terminals were running and no notebooks. The server was running in a terminal though.

Updated the four packages. Restarted

```
$ jupyter-notebook
[I 18:13:58.575 NotebookApp] Serving notebooks from local directory: /home/lcl/qa/jupyter-notebook
[I 18:13:58.575 NotebookApp] Jupyter Notebook 6.4.12 is running at:
[I 18:13:58.575 NotebookApp] http://localhost:8888/?token=3a455569767287e5a19731dde452dde89d0ccae45057e07c
[I 18:13:58.575 NotebookApp] or http://127.0.0.1:8888/?token=3a455569767287e5a19731dde452dde89d0ccae45057e07c
[I 18:13:58.575 NotebookApp] Use Control-C to stop this server and shut down all kernels (twice to skip confirmation).
[C 18:13:58.595 NotebookApp]
    To access the notebook, open this file in a browser:
        file:///home/lcl/.local/share/jupyter/runtime/nbserver-328198-open.html
    Or copy and paste one of these URLs:
        http://localhost:8888/?token=3a455569767287e5a19731dde452dde89d0ccae45057e07c
     or http://127.0.0.1:8888/?token=3a455569767287e5a19731dde452dde89d0ccae45057e07c
```

This opens the user directory in a browser. Using the suggested link from above opens the same directory under the Files tab and so does the token URL at localhost:8088. It is all consistent.

The YouTube tutorial is unintelligible, running at breakneck speed without any subtitles (for the hard of hearing like me) so it is impossible to follow. The text is illegible as well.

There is an untitled.txt file here with this content:

```
var cell = Jupyter.notebook.get_selected_cell();
var config = cell.config;
var patch = {
      CodeCell:{
        cm_config:{indentUnit:2}
      }
    }
config.update(patch)
```

which looks like it is supposed to run within the notebook framework.
There is also Untitled.ipynb which seems to contain the same code with a notebook harness. Clicking on it opens another browser page displaying the file with runtime diagnostics. A menu bar appears with various symbols and the directive 'run' and 'code' offering some options. It is all meaningless without a proper background but looks like it might be working so this can go out.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => tarazed25
QA Contact: yves.brungard_mageia => security
Advisory note: this update fixes this bug and Bug 30664 for this package.
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0323.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED