Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 552816 - <dev-python/ipython-2.2.0-r1 multiple vulnerabilities
Summary: <dev-python/ipython-2.2.0-r1 multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-22 09:29 UTC by Justin Lecher (RETIRED)
Modified: 2015-06-29 21:18 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Justin Lecher (RETIRED) gentoo-dev 2015-06-22 09:29:43 UTC 
IPython 3.2
===========

IPython 3.2 contains important security fixes. Users are **strongly** encouraged to upgrade immediately.

Highlights:

- A security improvement that set the secure attribute to login cookie to prevent them to be sent over http
- Revert the face color of matplotlib axes in the inline backend to not be transparent.
- Enable mathjax safe mode by default
- Fix XSS vulnerability in JSON error messages
- Various widget-related fixes

See :ref:`issues_list_3` for details.
Comment 1 Justin Lecher (RETIRED) gentoo-dev 2015-06-22 09:46:18 UTC 
+*ipython-3.2.0 (22 Jun 2015)
+*ipython-2.2.0-r1 (22 Jun 2015)
+
+  22 Jun 2015; Justin Lecher <jlec@gentoo.org>
+  +files/ipython-2.2.0-login-backport.patch, +ipython-2.2.0-r1.ebuild,
+  +ipython-3.2.0.ebuild, -ipython-2.4.1.ebuild, -ipython-3.0.0.ebuild,
+  -ipython-3.1.0.ebuild:
+  Backport vulnerability fix, bug #552816; drop vulnerable versions; create
+  mathjax symlink USE dependent, bug #481726
+
Comment 2 Justin Lecher (RETIRED) gentoo-dev 2015-06-22 09:46:55 UTC 
@arches please stabilize

dev-python/ipython-2.2.0-r1
Comment 3 Agostino Sarubbo gentoo-dev 2015-06-23 15:19:02 UTC 
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2015-06-24 08:05:07 UTC 
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2015-06-26 08:06:11 UTC 
x86 stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2015-06-27 07:10:48 UTC 
Stable for PPC64.
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-06-27 12:47:11 UTC 
arm stable

Cleanup, please!

GLSA vote: No.
Comment 8 Justin Lecher (RETIRED) gentoo-dev 2015-06-28 18:09:51 UTC 
+  28 Jun 2015; Justin Lecher <jlec@gentoo.org> -ipython-2.2.0.ebuild:
+  Drop vulnerable version, bug #552816
+
Comment 9 Yury German Gentoo Infrastructure gentoo-dev 2015-06-29 21:18:22 UTC 
GLSA Vote: No

Thank you all. Closing as noglsa.