[ubuntu/noble-security] jinja2 3.1.2-1ubuntu1.2 (Accepted)
Evan Caville
evan.caville at canonical.com
Thu Jan 30 00:38:00 UTC 2025
jinja2 (3.1.2-1ubuntu1.2) noble-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution issue in jinja compiler
- debian/patches/CVE-2024-56201.patch: f-string syntax handling in code
generation improved in src/jinja2/compiler.py.
- debian/patches/CVE-2024-56326.patch: oversight on calls to str.format
adjusted in src/jinja2/sandbox.py.
- CVE-2024-56201
- CVE-2024-56326
Date: 2025-01-24 04:09:11.452791+00:00
Changed-By: Evan Caville <evan.caville at canonical.com>
https://launchpad.net/ubuntu/+source/jinja2/3.1.2-1ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list