Package "python3-jinja2"

Name:	python3-jinja2
Description:	small but fast and easy to use stand-alone template engine
Latest version:	2.8-1ubuntu0.1
Release:	xenial (16.04)
Level:	updates
Repository:	main
Head package:	jinja2
Homepage:	http://jinja.pocoo.org/

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "python3-jinja2"

All arch deb package

APT INSTALL

Other versions of "python3-jinja2" in Xenial

Repository	Area	Version
base	main	2.8-1
security	main	2.8-1ubuntu0.1

Changelog

Version: 2.8-1ubuntu0.1 2019-06-06 13:08:48 UTC

jinja2 (2.8-1ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: sandbox escape via str.format - debian/patches/CVE-2016-10745-1.patch: support sandboxing in format expressions in jinja2/nodes.py, jinja2/sandbox.py. - debian/patches/CVE-2016-10745-2.patch: fix a name error for an uncommon attribute access in the sandbox in jinja2/sandbox.py. - CVE-2016-10745 * SECURITY UPDATE: sandbox escape via str.format_map - debian/patches/CVE-2019-10906.patch: properly sandbox format_map in jinja2/sandbox.py. - CVE-2019-10906 -- Marc Deslauriers <email address hidden> Tue, 14 May 2019 13:35:38 -0400

CVE-2016-10745	In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
CVE-2019-10906	In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

About - Send Feedback to @ubuntu_updates

Package "python3-jinja2"

Links

Download "python3-jinja2"

Other versions of "python3-jinja2" in Xenial

Changelog

Share this page

Bookmarks

Latest updates

updates

proposed

security

PPA updates