[ubuntu/oracular-security] jinja2 3.1.3-1ubuntu1.24.10.1 (Accepted)
Evan Caville
evan.caville at canonical.com
Thu Jan 30 00:37:59 UTC 2025
jinja2 (3.1.3-1ubuntu1.24.10.1) oracular-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution issue in jinja compiler
- debian/patches/CVE-2024-56201.patch: f-string syntax handling in code
generation improved in src/jinja2/compiler.py.
- debian/patches/CVE-2024-56326.patch: oversight on calls to str.format
adjusted in src/jinja2/sandbox.py.
- CVE-2024-56201
- CVE-2024-56326
Date: 2025-01-21 00:50:11.585075+00:00
Changed-By: Evan Caville <evan.caville at canonical.com>
https://launchpad.net/ubuntu/+source/jinja2/3.1.3-1ubuntu1.24.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the oracular-changes
mailing list