[IPython-dev] [ANN] Security release notebook-4.0.5, ipython-3.2.2

MinRK benjaminrk at gmail.com
Thu Sep 24 09:57:20 EDT 2015


(resent because of ipython-dev mailing list trouble)

We’ve just pushed a security release of notebook-4.0.5 and IPython-3.2.2,
fixing two vulnerabilities associated with maliciously crafted files.

   - malicious filenames can execute code: CVE-2015-6938
   <http://www.openwall.com/lists/oss-security/2015/09/02/3>
   - attempting to edit malicious text files with invalid encoding can
   result in execution CVE-2015-7337
   <http://www.openwall.com/lists/oss-security/2015/09/16/3>

Thanks to Juan Broullón, Jonathan Kamens, and Scott Sanderson for the
reports.

-MinRK
​
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20150924/337b2bf9/attachment.html>


More information about the IPython-dev mailing list