UbuntuUpdates.org

Package "jinja2"

Name: jinja2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • documentation for the Jinja2 Python library
Latest version: 3.1.2-1ubuntu1.3
Release: noble (24.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "jinja2" in Noble

Repository Area Version
base universe 3.1.2-1ubuntu1
base main 3.1.2-1ubuntu1
security main 3.1.2-1ubuntu1.3
security universe 3.1.2-1ubuntu1.3
updates main 3.1.2-1ubuntu1.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.1.2-1ubuntu1.3 2025-03-11 23:07:05 UTC

  jinja2 (3.1.2-1ubuntu1.3) noble-security; urgency=medium

  * SECURITY UPDATE: Arbitrary code execution via |attr filter bypass
    - debian/patches/CVE-2025-27516.patch: attr filter uses env.getattr
    - CVE-2025-27516

 -- John Breton <email address hidden> Mon, 10 Mar 2025 12:56:35 -0400
Source diff to previous version
CVE-2025-27516 Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows

Version: 3.1.2-1ubuntu1.2 2025-01-30 05:06:52 UTC

  jinja2 (3.1.2-1ubuntu1.2) noble-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution issue in jinja compiler
    - debian/patches/CVE-2024-56201.patch: f-string syntax handling in code
      generation improved in src/jinja2/compiler.py.
    - debian/patches/CVE-2024-56326.patch: oversight on calls to str.format
      adjusted in src/jinja2/sandbox.py.
    - CVE-2024-56201
    - CVE-2024-56326

 -- Evan Caville <email address hidden> Mon, 06 Jan 2025 14:55:29 +1000
Source diff to previous version
CVE-2024-56201 Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls
CVE-2024-56326 Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an a

Version: 3.1.2-1ubuntu1.1 2024-05-28 14:07:19 UTC

  jinja2 (3.1.2-1ubuntu1.1) noble-security; urgency=medium

  * SECURITY UPDATE: Cross-Site scripting in xmlattr filter
    - debian/patches/CVE-2024-34064.patch: disallow invalid characters
      in keys to xmlattr filter
    - CVE-2024-34064

 -- Nick Galanis <email address hidden> Tue, 21 May 2024 15:32:08 +0100
CVE-2024-34064 Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HT


About   -   Send Feedback to @ubuntu_updates