Package "jinja2"

Name: jinja2


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • small but fast and easy to use stand-alone template engine
  • documentation for the Jinja2 Python library

Latest version: 2.10.1-2ubuntu0.3
Release: focal (20.04)
Level: updates
Repository: universe


Other versions of "jinja2" in Focal

Repository Area Version
base main 2.10.1-2
base universe 2.10.1-2
security main 2.10.1-2ubuntu0.3
security universe 2.10.1-2ubuntu0.3
updates main 2.10.1-2ubuntu0.3

Packages in group

Deleted packages are displayed in grey.


Version: 2.10.1-2ubuntu0.3 2024-05-28 14:07:09 UTC

  jinja2 (2.10.1-2ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: Cross-Site scripting in xmlattr filter
    - debian/patches/CVE-2024-34064.patch: disallow invalid characters
      in keys to xmlattr filter
    - CVE-2024-34064

 -- Nick Galanis <email address hidden> Tue, 21 May 2024 09:35:36 +0100

Source diff to previous version
CVE-2024-34064 Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HT

Version: 2.10.1-2ubuntu0.2 2024-01-25 19:12:26 UTC

  jinja2 (2.10.1-2ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: regular expression DoS
    - debian/patches/CVE-2020-28493.patch: rewrite regex match for
      punctuation in urlize() in jinja2/utils.py.
    - CVE-2020-28493
  * SECURITY UPDATE: Cross-Site scripting
    - debian/patches/CVE-2024-22195.patch: disallow keys with spaces
      in jinja2/filters.py, tests/test_filters.py.
    - CVE-2024-22195

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 22 Jan 2024 07:14:05 -0300

CVE-2020-28493 This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its u
CVE-2024-22195 Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject

About   -   Send Feedback to @ubuntu_updates