UbuntuUpdates.org

Package "openrefine"

Name: openrefine

Description: powerful tool for working with messy data

Latest version: 3.7.8-1ubuntu0.1
Release: oracular (24.10)
Level: security
Repository: universe
Homepage: https://openrefine.org/


Other versions of "openrefine" in Oracular

Repository   Area       Version
base         universe   3.7.8-1
updates      universe   3.7.8-1ubuntu0.1

Changelog

Version: 3.7.8-1ubuntu0.1 2025-02-10 02:06:49 UTC

  openrefine (3.7.8-1ubuntu0.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Information leak
    - debian/patches/CVE-2024-49760.patch: Restricts the loading of
      files to their expected subdirectory
    - CVE-2024-49760
  * SECURITY UPDATE: Remote code execution
    - debian/patches/CVE-2024-47878.patch: gdata: Check cb parameter in
      authorized command
    - debian/patches/CVE-2024-47880.patch: Drop support for contentType
      parameter
    - debian/patches/CVE-2024-47881.patch: Add restrictions when opening
      SQLite databases via the database extension
    - debian/patches/CVE-2024-47882.patch: Escape error and stack trace
    - CVE-2024-47878
    - CVE-2024-47880
    - CVE-2024-47881
    - CVE-2024-47882
  * SECURITY UPDATE: Cross site request forgery
    - debian/patches/CVE-2024-47879.patch: Add CSRF protection to
      commands that evaluate expressions
    - CVE-2024-47879

 -- Bruce Cable <email address hidden> Thu, 06 Feb 2025 16:09:30 +1100

CVE-2024-49760 OpenRefine is a free, open source tool for working with messy data. The load-language command expects a `lang` parameter from which it constructs the
CVE-2024-47878 OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `/extension/gdata/authorized` endpoint includes the `
CVE-2024-47880 OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `export-rows` command can be used in such a way that
CVE-2024-47881 OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extens
CVE-2024-47882 OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes
CVE-2024-47879 OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `pre


