Publishing details

Published on 2019-06-06
Copied from ubuntu xenial in PPA for Ubuntu Security Proposed by Marc Deslauriers

Changelog

jinja2 (2.8-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: sandbox escape via str.format
    - debian/patches/CVE-2016-10745-1.patch: support sandboxing in format
      expressions in jinja2/nodes.py, jinja2/sandbox.py.
    - debian/patches/CVE-2016-10745-2.patch: fix a name error for an
      uncommon attribute access in the sandbox in jinja2/sandbox.py.
    - CVE-2016-10745
  * SECURITY UPDATE: sandbox escape via str.format_map
    - debian/patches/CVE-2019-10906.patch: properly sandbox format_map in
      jinja2/sandbox.py.
    - CVE-2019-10906

 -- Marc Deslauriers <email address hidden>  Tue, 14 May 2019 13:35:38 -0400

Available diffs

diff from 2.8-1 (in Debian) to 2.8-1ubuntu0.1 (3.9 KiB)

Builds

amd64

Built packages

python-jinja2 small but fast and easy to use stand-alone template engine

python-jinja2-doc documentation for the Jinja2 Python library

python3-jinja2 small but fast and easy to use stand-alone template engine

Package files

jinja2_2.8-1ubuntu0.1.debian.tar.xz (8.7 KiB)
jinja2_2.8-1ubuntu0.1.dsc (2.3 KiB)
jinja2_2.8.orig.tar.gz (348.7 KiB)
python-jinja2-doc_2.8-1ubuntu0.1_all.deb (226.9 KiB)
python-jinja2_2.8-1ubuntu0.1_all.deb (103.2 KiB)
python3-jinja2_2.8-1ubuntu0.1_all.deb (101.6 KiB)