-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 20 Jun 2026 16:39:11 +0300 Source: nbconvert Architecture: source Version: 7.16.6-1+deb13u1 Distribution: trixie Urgency: medium Maintainer: Debian Python Team Changed-By: Adrian Bunk Closes: 1134889 1134890 Changes: nbconvert (7.16.6-1+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * CVE-2026-39377: Arbitrary File Write via Path Traversal in Cell Attachment Filenames (Closes: #1134889) * CVE-2026-39378: Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding (Closes: #1134890) Checksums-Sha1: 6eefda77a3ea1976cf77e72f0615dd1cffd0c6d1 2928 nbconvert_7.16.6-1+deb13u1.dsc 9a8b08de964f85f034c955ec35bf6dc9408a4460 761246 nbconvert_7.16.6.orig.tar.gz badd443048c5893d3eb14483bd69707a415b04ba 63572 nbconvert_7.16.6-1+deb13u1.debian.tar.xz Checksums-Sha256: 0cbeab8bb4cfa40ea67524b057037b7f41062ee39521b3659f2afcca557df5bc 2928 nbconvert_7.16.6-1+deb13u1.dsc 45e3819cc8bd85543a83180bf7606b8fcf4b8e5a4b3fdfc4481a0baf96656d98 761246 nbconvert_7.16.6.orig.tar.gz 51e7b6ff130651df876b36e1805833083f3d14d5460ba44b4cf83e43e714fa4a 63572 nbconvert_7.16.6-1+deb13u1.debian.tar.xz Files: 05bfc6e59b5c02f0c1b9962d5b18a4df 2928 python optional nbconvert_7.16.6-1+deb13u1.dsc 79d03a03e839bf199a1a0d65dadc7567 761246 python optional nbconvert_7.16.6.orig.tar.gz b56a778a02d0a670e50a9237032f79b8 63572 python optional nbconvert_7.16.6-1+deb13u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmo2wmQACgkQiNJCh6LY mLF7VQ//fWTKI8VW8wbP0YARH9A2UX4eN3FTB6W5rzSbHwpQaFeG23ZaYKcGYEbS hE1AcEt8HyAzHMdIEuTHLfkTgd7Byg01m3jgi+hlqxr1dwPI0jkdhRzOzqtW3EKN UCnyGZu4Gz373KUOPPa4BZ+r1pFiEuxUAdrzKdyvHF7xcz94hHp9nI6ZwKRAiI0E ciSAE2dogGqoW+I+T6cgWvcPm9etY+skK4ERk7rYC0iSfJBSdtra7L2E3mjbZrxh rcsCDF+W+qGYqvje/3P5voer2xVKM2urWpvBHHGbfUBrfTNYYo9ZLolB1uWD/TtL vRAmn1y4G4qIB5KVIcmv9LyTCCNdU0q+DcwBPEvacD32iAe7tufLeKYxy2Z5Ymr7 PPUCQVbkaDEMIHbahUNlXH7QpC26eQSszEP4pxGSDri4jFhUU1wKyx2uKNRr+1yf 7ESts05w/Zse7OH2wqPxPhYEt4T9o4qr1Dwvki9tqOt/eYEhblFktF11Y3lXPkKQ B+GfTMWO0j7HMS6/FmOAGMypeb5Ano0I3AlVYWydjfEcVGP0nvcRdmbsYWJWUYro k22JbNRmpT4MxaFLYDJxv8NC8bztWxQwn6iZ2bafP70cgGPA/t0VoPD8n8ekExhm 9TIFNZBXxcpT4xg0hRh9bD3DQk4oS4padsCB45jAYDVc/gIcnTw= =zUYh -----END PGP SIGNATURE-----