[IPython-dev] [ANN] Security release notebook-4.0.5, ipython-3.2.2
MinRK
benjaminrk at gmail.com
Thu Sep 24 09:57:20 EDT 2015
(resent because of ipython-dev mailing list trouble)
We’ve just pushed a security release of notebook-4.0.5 and IPython-3.2.2,
fixing two vulnerabilities associated with maliciously crafted files.
- malicious filenames can execute code: CVE-2015-6938
<http://www.openwall.com/lists/oss-security/2015/09/02/3>
- attempting to edit malicious text files with invalid encoding can
result in execution CVE-2015-7337
<http://www.openwall.com/lists/oss-security/2015/09/16/3>
Thanks to Juan Broullón, Jonathan Kamens, and Scott Sanderson for the
reports.
-MinRK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20150924/337b2bf9/attachment.html>
More information about the IPython-dev
mailing list