-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 20 Jun 2026 16:39:11 +0300
Source: nbconvert
Architecture: source
Version: 7.16.6-1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Closes: 1134889 1134890
Changes:
 nbconvert (7.16.6-1+deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2026-39377: Arbitrary File Write via Path Traversal in
     Cell Attachment Filenames (Closes: #1134889)
   * CVE-2026-39378: Arbitrary File Read via Path Traversal in
     HTMLExporter Image Embedding (Closes: #1134890)
Checksums-Sha1:
 6eefda77a3ea1976cf77e72f0615dd1cffd0c6d1 2928 nbconvert_7.16.6-1+deb13u1.dsc
 9a8b08de964f85f034c955ec35bf6dc9408a4460 761246 nbconvert_7.16.6.orig.tar.gz
 badd443048c5893d3eb14483bd69707a415b04ba 63572 nbconvert_7.16.6-1+deb13u1.debian.tar.xz
Checksums-Sha256:
 0cbeab8bb4cfa40ea67524b057037b7f41062ee39521b3659f2afcca557df5bc 2928 nbconvert_7.16.6-1+deb13u1.dsc
 45e3819cc8bd85543a83180bf7606b8fcf4b8e5a4b3fdfc4481a0baf96656d98 761246 nbconvert_7.16.6.orig.tar.gz
 51e7b6ff130651df876b36e1805833083f3d14d5460ba44b4cf83e43e714fa4a 63572 nbconvert_7.16.6-1+deb13u1.debian.tar.xz
Files:
 05bfc6e59b5c02f0c1b9962d5b18a4df 2928 python optional nbconvert_7.16.6-1+deb13u1.dsc
 79d03a03e839bf199a1a0d65dadc7567 761246 python optional nbconvert_7.16.6.orig.tar.gz
 b56a778a02d0a670e50a9237032f79b8 63572 python optional nbconvert_7.16.6-1+deb13u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmo2wmQACgkQiNJCh6LY
mLF7VQ//fWTKI8VW8wbP0YARH9A2UX4eN3FTB6W5rzSbHwpQaFeG23ZaYKcGYEbS
hE1AcEt8HyAzHMdIEuTHLfkTgd7Byg01m3jgi+hlqxr1dwPI0jkdhRzOzqtW3EKN
UCnyGZu4Gz373KUOPPa4BZ+r1pFiEuxUAdrzKdyvHF7xcz94hHp9nI6ZwKRAiI0E
ciSAE2dogGqoW+I+T6cgWvcPm9etY+skK4ERk7rYC0iSfJBSdtra7L2E3mjbZrxh
rcsCDF+W+qGYqvje/3P5voer2xVKM2urWpvBHHGbfUBrfTNYYo9ZLolB1uWD/TtL
vRAmn1y4G4qIB5KVIcmv9LyTCCNdU0q+DcwBPEvacD32iAe7tufLeKYxy2Z5Ymr7
PPUCQVbkaDEMIHbahUNlXH7QpC26eQSszEP4pxGSDri4jFhUU1wKyx2uKNRr+1yf
7ESts05w/Zse7OH2wqPxPhYEt4T9o4qr1Dwvki9tqOt/eYEhblFktF11Y3lXPkKQ
B+GfTMWO0j7HMS6/FmOAGMypeb5Ano0I3AlVYWydjfEcVGP0nvcRdmbsYWJWUYro
k22JbNRmpT4MxaFLYDJxv8NC8bztWxQwn6iZ2bafP70cgGPA/t0VoPD8n8ekExhm
9TIFNZBXxcpT4xg0hRh9bD3DQk4oS4padsCB45jAYDVc/gIcnTw=
=zUYh
-----END PGP SIGNATURE-----
