UbuntuUpdates.org

Package "jinja2"

Name: jinja2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • documentation for the Jinja2 Python library

Latest version: 3.0.3-1ubuntu0.2
Release: jammy (22.04)
Level: security
Repository: universe

Links



Other versions of "jinja2" in Jammy

Repository Area Version
base main 3.0.3-1
base universe 3.0.3-1
security main 3.0.3-1ubuntu0.2
updates main 3.0.3-1ubuntu0.2
updates universe 3.0.3-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.0.3-1ubuntu0.2 2024-05-28 13:07:13 UTC

  jinja2 (3.0.3-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Cross-Site scripting in xmlattr filter
    - debian/patches/CVE-2024-34064.patch: disallow invalid characters
      in keys to xmlattr filter
    - CVE-2024-34064

 -- Nick Galanis <email address hidden> Tue, 21 May 2024 13:05:09 +0100

Source diff to previous version
CVE-2024-34064 Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HT

Version: 3.0.3-1ubuntu0.1 2024-01-25 17:12:15 UTC

  jinja2 (3.0.3-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Cross-Site scripting
    - debian/patches/CVE-2024-22195.patch: disallow keys with spaces
      in src/jinja2/filters.py, tests/test_filters.py.
    - CVE-2024-22195

 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 19 Jan 2024 07:56:33 -0300

CVE-2024-22195 Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject



About   -   Send Feedback to @ubuntu_updates