jinja2 2.8-1ubuntu0.1 source package in Ubuntu

Changelog

jinja2 (2.8-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: sandbox escape via str.format
    - debian/patches/CVE-2016-10745-1.patch: support sandboxing in format
      expressions in jinja2/nodes.py, jinja2/sandbox.py.
    - debian/patches/CVE-2016-10745-2.patch: fix a name error for an
      uncommon attribute access in the sandbox in jinja2/sandbox.py.
    - CVE-2016-10745
  * SECURITY UPDATE: sandbox escape via str.format_map
    - debian/patches/CVE-2019-10906.patch: properly sandbox format_map in
      jinja2/sandbox.py.
    - CVE-2019-10906

 -- Marc Deslauriers <email address hidden>  Tue, 14 May 2019 13:35:38 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2019-05-14
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
python
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Xenial updates on 2019-06-06 main python
Xenial security on 2019-06-06 main python

Builds

Xenial: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
jinja2_2.8.orig.tar.gz 348.7 KiB bc1ff2ff88dbfacefde4ddde471d1417d3b304e8df103a7a9437d47269201bf4
jinja2_2.8-1ubuntu0.1.debian.tar.xz 8.7 KiB e193dd1cb5c432695bc98e5ac4fbe02fa275236ea0d17a1e3ad85ef11329ab8d
jinja2_2.8-1ubuntu0.1.dsc 2.3 KiB dd8547a7506090379648a1da35eaf3bb631bc2c9de263be2ece5451a849f7b8c

View changes file

Binary packages built by this source

python-jinja2: small but fast and easy to use stand-alone template engine

 Jinja2 is a template engine written in pure Python. It provides a Django
 inspired non-XML syntax but supports inline expressions and an optional
 sandboxed environment.
 .
 The key-features are:
  * Configurable syntax. If you are generating LaTeX or other formats with
    Jinja2 you can change the delimiters to something that integrates better
    into the LaTeX markup.
  * Fast. While performance is not the primarily target of Jinja2 it’s
    surprisingly fast. The overhead compared to regular Python code was reduced
    to the very minimum.
  * Easy to debug. Jinja2 integrates directly into the Python traceback system
    which allows you to debug Jinja2 templates with regular Python debugging
    helpers.
  * Secure. It’s possible to evaluate untrusted template code if the optional
    sandbox is enabled. This allows Jinja2 to be used as templating language
    for applications where users may modify the template design.

python-jinja2-doc: documentation for the Jinja2 Python library

 Jinja2 is a small but fast and easy to use stand-alone template engine
 .
 This package contains the documentation for Jinja2 in HTML and
 reStructuredText formats.

python3-jinja2: small but fast and easy to use stand-alone template engine

 Jinja2 is a template engine written in pure Python. It provides a Django
 inspired non-XML syntax but supports inline expressions and an optional
 sandboxed environment.
 .
 The key-features are:
  * Configurable syntax. If you are generating LaTeX or other formats with
    Jinja2 you can change the delimiters to something that integrates better
    into the LaTeX markup.
  * Fast. While performance is not the primarily target of Jinja2 it’s
    surprisingly fast. The overhead compared to regular Python code was reduced
    to the very minimum.
  * Easy to debug. Jinja2 integrates directly into the Python traceback system
    which allows you to debug Jinja2 templates with regular Python debugging
    helpers.
  * Secure. It’s possible to evaluate untrusted template code if the optional
    sandbox is enabled. This allows Jinja2 to be used as templating language
    for applications where users may modify the template design.