Bug 2308440
Summary: | CVE-2024-43805 jupyterlab: JupyterLab Vulnerability Allows Data Access via Malicious Markdown [fedora-39] | |
---|---|---|---
Product: | [Fedora] Fedora | Reporter: | Michal Findra <mfindra>
Component: | jupyterlab | Assignee: | Lumír Balhar <lbalhar>
Status: | CLOSED WONTFIX | QA Contact: |
Severity: | high | Docs Contact: |
Priority: | high | |
Version: | 39 | CC: | lbalhar, python-packagers-sig, torsava
Target Milestone: | --- | Keywords: | Security, SecurityTracking
Target Release: | --- | |
Hardware: | Unspecified | |
OS: | Unspecified | |
Whiteboard: | {"flaws": ["78988400-6886-45f3-a3b0-628423b87468"]} | |
Fixed In Version: | | Doc Type: | No Doc Update
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2024-10-08 12:27:35 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Bug Depends On: | | |
Bug Blocks: | 2308378 | |

Description
Michal Findra
2024-08-29 05:41:07 UTC
JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 were patched. While we have v4.2.5 in Fedora 40+, there's no fix yet in Fedora 39. Unfortunately, it's impossible to update jupyterlab and notebook in f39 due to missing dependencies, and backporting the patch would require changing how we build these packages. I'll try to find a way but I don't think I'll make it in time that would make sense for soon-EOL Fedora 39. I won't have enough free cycles to fix this in Fedora 39 before the EOL date, which is in 5 weeks.