[ubuntu/jammy-security] jinja2 3.0.3-1ubuntu0.3 (Accepted)
Evan Caville
evan.caville at canonical.com
Thu Jan 30 00:38:03 UTC 2025
jinja2 (3.0.3-1ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution issue in jinja compiler
- debian/patches/CVE-2024-56201.patch: f-string syntax handling in code
generation improved in src/jinja2/compiler.py.
- debian/patches/CVE-2024-56326.patch: oversight on calls to str.format
adjusted in src/jinja2/sandbox.py.
- CVE-2024-56201
- CVE-2024-56326
Date: 2025-01-21 00:50:19.060704+00:00
Changed-By: Evan Caville <evan.caville at canonical.com>
https://launchpad.net/ubuntu/+source/jinja2/3.0.3-1ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list