Package "jinja2"

Name:	jinja2
Description:	This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group: small but fast and easy to use stand-alone template engine documentation for the Jinja2 Python library small but fast and easy to use stand-alone template engine
Latest version:	2.8-1ubuntu0.1
Release:	xenial (16.04)
Level:	updates
Repository:	main

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Other versions of "jinja2" in Xenial

Repository	Area	Version
base	main	2.8-1
security	main	2.8-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.

Changelog

Version: 2.8-1ubuntu0.1 2019-06-06 13:08:48 UTC

jinja2 (2.8-1ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: sandbox escape via str.format - debian/patches/CVE-2016-10745-1.patch: support sandboxing in format expressions in jinja2/nodes.py, jinja2/sandbox.py. - debian/patches/CVE-2016-10745-2.patch: fix a name error for an uncommon attribute access in the sandbox in jinja2/sandbox.py. - CVE-2016-10745 * SECURITY UPDATE: sandbox escape via str.format_map - debian/patches/CVE-2019-10906.patch: properly sandbox format_map in jinja2/sandbox.py. - CVE-2019-10906 -- Marc Deslauriers <email address hidden> Tue, 14 May 2019 13:35:38 -0400

CVE-2016-10745	In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
CVE-2019-10906	In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

About - Send Feedback to @ubuntu_updates

Package "jinja2"

Links

Other versions of "jinja2" in Xenial

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

updates

security

PPA updates