UbuntuUpdates.org

Package "python3-jinja2"

Name: python3-jinja2

Description:

small but fast and easy to use stand-alone template engine
Latest version: 2.8-1ubuntu0.1
Release: xenial (16.04)
Level: updates
Repository: main
Head package: jinja2
Homepage: http://jinja.pocoo.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "python3-jinja2"

All arch deb package
APT INSTALL

Other versions of "python3-jinja2" in Xenial

Repository Area Version
base main 2.8-1
security main 2.8-1ubuntu0.1

Changelog

Version: 2.8-1ubuntu0.1 2019-06-06 13:08:48 UTC

  jinja2 (2.8-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: sandbox escape via str.format
    - debian/patches/CVE-2016-10745-1.patch: support sandboxing in format
      expressions in jinja2/nodes.py, jinja2/sandbox.py.
    - debian/patches/CVE-2016-10745-2.patch: fix a name error for an
      uncommon attribute access in the sandbox in jinja2/sandbox.py.
    - CVE-2016-10745
  * SECURITY UPDATE: sandbox escape via str.format_map
    - debian/patches/CVE-2019-10906.patch: properly sandbox format_map in
      jinja2/sandbox.py.
    - CVE-2019-10906

 -- Marc Deslauriers <email address hidden> Tue, 14 May 2019 13:35:38 -0400
CVE-2016-10745 In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
CVE-2019-10906 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.


About   -   Send Feedback to @ubuntu_updates