Bug#755263: wheezy-pu: package ipython/0.13.1-2+deb7u1

To: Julien Cristau <jcristau@debian.org>, 755263@bugs.debian.org
Subject: Bug#755263: wheezy-pu: package ipython/0.13.1-2+deb7u1
From: Julian Taylor <jtaylor@ubuntu.com>
Date: Sat, 19 Jul 2014 19:47:22 +0200
Message-id: <53CAAF2A.10907@ubuntu.com>
Reply-to: Julian Taylor <jtaylor@ubuntu.com>, 755263@bugs.debian.org
In-reply-to: <20140719151955.GV3236@betterave.cristau.org>
References: <20140719115146.17067.92971.reportbug@ubuntu> <20140719151955.GV3236@betterave.cristau.org>

On 19.07.2014 17:19, Julien Cristau wrote:
> Control: tags -1 confirmed
> 
> On Sat, Jul 19, 2014 at 13:51:46 +0200, Julian Taylor wrote:...
>> I would like to update ipython in wheezy to fix CVE-2014-3429
>> It is a remote execution flaw via cross origin websockets, but one
>> requires a uuid from the process in order to make use of it so it was
>> decided by the security team that its severe enough for a DSA.
> 
> Missing "not"?

yes, its not severe enough.

> 
>> But it should stil be fixed in stable just in case.
>>
>> See this page for details of the issue:
>> http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython
> 
> With one comment below, and assuming this has been tested in a wheezy
> environment, feel free to upload.

thanks fixed and uploaded with a slightly better changelog message.

Reply to:

Follow-Ups:
- Bug#755263: wheezy-pu: package ipython/0.13.1-2+deb7u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Bug#755263: wheezy-pu: package ipython/0.13.1-2+deb7u1
  - From: Julian Taylor <jtaylor@ubuntu.com>
- Bug#755263: wheezy-pu: package ipython/0.13.1-2+deb7u1
  - From: Julien Cristau <jcristau@debian.org>

Prev by Date: Bug#755263: wheezy-pu: package ipython/0.13.1-2+deb7u1
Next by Date: Re: Linux kernel ABI bump
Previous by thread: Bug#755263: wheezy-pu: package ipython/0.13.1-2+deb7u1
Next by thread: Bug#755263: wheezy-pu: package ipython/0.13.1-2+deb7u1
Index(es):
- Date
- Thread