[ubuntu/oracular-updates] openrefine 3.7.8-1ubuntu0.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon Feb 10 00:58:10 UTC 2025
openrefine (3.7.8-1ubuntu0.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Information leak
    - debian/patches/CVE-2024-49760.patch: Restricts the loading of
      files to their expected subdirectory
    - CVE-2024-49760
  * SECURITY UPDATE: Remote code execution
    - debian/patches/CVE-2024-47878.patch: gdata: Check cb parameter in
      authorized command
    - debian/patches/CVE-2024-47880.patch: Drop support for contentType
      parameter
    - debian/patches/CVE-2024-47881.patch: Add restrictions when opening
      SQLite databases via the database extension
    - debian/patches/CVE-2024-47882.patch: Escape error and stack trace
    - CVE-2024-47878
    - CVE-2024-47880
    - CVE-2024-47881
    - CVE-2024-47882
  * SECURITY UPDATE: Cross site request forgery
    - debian/patches/CVE-2024-47879.patch: Add CSRF protection to
      commands that evaluate expressions
    - CVE-2024-47879

Date: 2025-02-07 06:42:12.149086+00:00
Changed-By: Bruce Cable <bruce.cable at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/openrefine/3.7.8-1ubuntu0.1