Candidate: CVE-2014-3429
PublicDate: 2014-08-07 11:13:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3429
 https://github.com/ipython/ipython/pull/4845
Description:
 IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin
 of websocket requests, which allows remote attackers to execute arbitrary
 code by leveraging knowledge of the kernel id and a crafted page.
Ubuntu-Description:
Notes:
 jdstrand> Ubuntu 10.04 LTS not affected per bug reporter
Bugs:
 https://bugs.launchpad.net/bugs/1344854
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_ipython:
 upstream: https://github.com/ipython/ipython/pull/4845
 debdiff: https://bugs.launchpad.net/ubuntu/+source/ipython/+bug/1344854
upstream_ipython: released (1.2.0~rc1-1)
lucid_ipython: not-affected
precise_ipython: released (0.12.1+dfsg-0ubuntu1.1)
trusty_ipython: not-affected (1.2.1-2)
trusty/esm_ipython: not-affected (1.2.1-2)
devel_ipython: not-affected