UbuntuUpdates.org

Package "jinja2"

Name: jinja2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • small but fast and easy to use stand-alone template engine
  • small but fast and easy to use stand-alone template engine
  • documentation for the Jinja2 Python library
  • small but fast and easy to use stand-alone template engine
Latest version: 2.6-1ubuntu0.2
Release: precise (12.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "jinja2" in Precise

Repository Area Version
base main 2.6-1
updates main 2.6-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.6-1ubuntu0.2 2021-05-03 14:07:21 UTC

  jinja2 (2.6-1ubuntu0.2) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: sandbox escape via str.format
    - debian/patches/CVE-2016-10745-1.patch: support sandboxing in format
      expressions in jinja2/nodes.py, jinja2/sandbox.py.
    - debian/patches/CVE-2016-10745-2.patch: fix a name error for an
      uncommon attribute access in the sandbox in jinja2/sandbox.py.
    - debian/patches/CVE-2016-10745-3.patch: adding types and EscapeFormatter
      class to support the fixes from this CVE in jinja2/sandbox.py.
    - CVE-2016-10745
  * SECURITY UPDATE: sandbox escape via str.format_map
    - debian/patches/CVE-2019-10906.patch: properly sandbox format_map in
      jinja2/sandbox.py.
    - CVE-2019-10906

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 15 May 2019 10:40:54 -0300
Source diff to previous version
CVE-2016-10745 In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
CVE-2019-10906 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

Version: 2.6-1ubuntu0.1 2014-07-24 14:06:30 UTC

  jinja2 (2.6-1ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: insecure temp dir usage
    - debian/patches/CVE-2014-1402.patch: create a subdirectory owned by
      the user
    - debian/patches/CVE-2014-0012.patch: if directory exists, make sure
      it has appropriate permissions
    - CVE-2014-1402
    - CVE-2014-0012
 -- Marc Deslauriers <email address hidden> Tue, 22 Jul 2014 11:15:08 -0400
CVE-2014-1402 The default configuration for bccache.FileSystemBytecodeCache in ...
CVE-2014-0012 FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create ...


About   -   Send Feedback to @ubuntu_updates