[ubuntu/precise-updates] jinja2 2.6-1ubuntu0.2 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon May 3 13:31:00 UTC 2021
jinja2 (2.6-1ubuntu0.2) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: sandbox escape via str.format
    - debian/patches/CVE-2016-10745-1.patch: support sandboxing in format
      expressions in jinja2/nodes.py, jinja2/sandbox.py.
    - debian/patches/CVE-2016-10745-2.patch: fix a name error for an
      uncommon attribute access in the sandbox in jinja2/sandbox.py.
    - debian/patches/CVE-2016-10745-3.patch: adding types and EscapeFormatter
      class to support the fixes from this CVE in jinja2/sandbox.py.
    - CVE-2016-10745
  * SECURITY UPDATE: sandbox escape via str.format_map
    - debian/patches/CVE-2019-10906.patch: properly sandbox format_map in
      jinja2/sandbox.py.
    - CVE-2019-10906
Date: 2019-05-15 16:45:18.086312+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/jinja2/2.6-1ubuntu0.2