CVE-2014-3429: remote execution via cross origin websocket
Bug #1344854 reported by
Julian Taylor
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ipython (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Precise |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
ipython 0.12 in precise is affected by CVE-2014-3429 which allows remote execution of code if one has knowledge of the kernel id (uuid)
the version in lucid and trusty are not affected
See this page for details of the issue:
http://
CVE References
Revision history for this message
| Julian Taylor (jtaylor) wrote | #1 |
| Changed in ipython (Ubuntu): | |
| status: | New → Fix Released |
| description: | updated |
Revision history for this message
| Dimitri John Ledkov (xnox) wrote | #2 |
| Changed in ipython (Ubuntu Precise): | |
| status: | New → Confirmed |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #3 |
| Changed in ipython (Ubuntu Precise): | |
| status: | Confirmed → In Progress |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #4 |
| Changed in ipython (Ubuntu Precise): | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
Looks good to me. Leaving for security team to handle sponsorship, as I don't know the proper procedure for uploading these.