Package "python-jinja2-doc"

Name: python-jinja2-doc
Description: documentation for the Jinja2 Python library
Latest version: 2.6-1ubuntu0.2
Release: precise (12.04)
Level: security
Repository: main
Head package: jinja2
Homepage: http://jinja.pocoo.org/2/

Changelog
jinja2 (2.6-1ubuntu0.2) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: sandbox escape via str.format
    - debian/patches/CVE-2016-10745-1.patch: support sandboxing in format
      expressions in jinja2/nodes.py, jinja2/sandbox.py.
    - debian/patches/CVE-2016-10745-2.patch: fix a name error for an
      uncommon attribute access in the sandbox in jinja2/sandbox.py.
    - debian/patches/CVE-2016-10745-3.patch: adding types and EscapeFormatter
      class to support the fixes from this CVE in jinja2/sandbox.py.
    - CVE-2016-10745
  * SECURITY UPDATE: sandbox escape via str.format_map
    - debian/patches/CVE-2019-10906.patch: properly sandbox format_map in
      jinja2/sandbox.py.
    - CVE-2019-10906

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 15 May 2019 10:40:54 -0300

CVE-2016-10745: In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
CVE-2019-10906: In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

jinja2 (2.6-1ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: insecure temp dir usage
    - debian/patches/CVE-2014-1402.patch: create a subdirectory owned by
      the user
    - debian/patches/CVE-2014-0012.patch: if directory exists, make sure
      it has appropriate permissions
    - CVE-2014-1402
    - CVE-2014-0012

 -- Marc Deslauriers <email address hidden> Tue, 22 Jul 2014 11:15:08 -0400

CVE-2014-1402: The default configuration for bccache.FileSystemBytecodeCache in ...
CVE-2014-0012: FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create ...