ELA-814-1 jupyter-core security update

arbitrary code execution

2023-03-13
Packagejupyter-core
Version4.2.1-1+deb9u1 (stretch)
Related CVEs CVE-2022-39286


It was discovered that jupyter-core, the base framework for Jupyter projects like Jupyter Notebooks, could execute arbitrary code when loading configuration files.



For Debian 9 stretch, these problems have been fixed in version 4.2.1-1+deb9u1.

We recommend that you upgrade your jupyter-core packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.