UbuntuUpdates.org

Package "python-jinja2-doc"

Name: python-jinja2-doc

Description:

documentation for the Jinja2 Python library

Latest version: 2.8-1ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: main
Head package: jinja2
Homepage: http://jinja.pocoo.org/

Links


Download "python-jinja2-doc"


Other versions of "python-jinja2-doc" in Xenial

Repository Area Version
base main 2.8-1
updates main 2.8-1ubuntu0.1

Changelog

Version: 2.8-1ubuntu0.1 2019-06-06 13:08:45 UTC

  jinja2 (2.8-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: sandbox escape via str.format
    - debian/patches/CVE-2016-10745-1.patch: support sandboxing in format
      expressions in jinja2/nodes.py, jinja2/sandbox.py.
    - debian/patches/CVE-2016-10745-2.patch: fix a name error for an
      uncommon attribute access in the sandbox in jinja2/sandbox.py.
    - CVE-2016-10745
  * SECURITY UPDATE: sandbox escape via str.format_map
    - debian/patches/CVE-2019-10906.patch: properly sandbox format_map in
      jinja2/sandbox.py.
    - CVE-2019-10906

 -- Marc Deslauriers <email address hidden> Tue, 14 May 2019 13:35:38 -0400

CVE-2016-10745 In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
CVE-2019-10906 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.



About   -   Send Feedback to @ubuntu_updates