[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted jinja2 2.11.3-1+deb11u3 (source) into oldstable-security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 12 Apr 2025 14:01:07 -0300
Source: jinja2
Architecture: source
Version: 2.11.3-1+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: Piotr Ożarowski <piotr@debian.org>
Changed-By: Lucas Kanashiro <kanashiro@debian.org>
Changes:
 jinja2 (2.11.3-1+deb11u3) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2024-56326.
     An oversight in how the Jinja sandboxed environment detects calls to
     str.format allows an attacker that controls the content of a template to
     execute arbitrary Python code.
      - d/p/CVE-2024-56326_*.patch
   * Fix CVE-2025-27516.
     An oversight in how the Jinja sandboxed environment interacts with the
     |attr filter allows an attacker that controls the content of a template
     to execute arbitrary Python code.
      - d/p/CVE-2025-27516.patch
Checksums-Sha1:
 86baecfedd10140a8755475cf23f27387e6d48ac 2283 jinja2_2.11.3-1+deb11u3.dsc
 034173d87c9c5d1c2000f337be45b582dc0eb172 257589 jinja2_2.11.3.orig.tar.gz
 09f42fcfb18bdce06e0f6aa5c73b2fa2d8144eb7 12684 jinja2_2.11.3-1+deb11u3.debian.tar.xz
 16b067144c6c7d03a91001d3324a17347942c0db 7435 jinja2_2.11.3-1+deb11u3_source.buildinfo
Checksums-Sha256:
 3cc47450b30168894d9c203930c35ebf97f6af8f6ee747f23b8102e3006c4543 2283 jinja2_2.11.3-1+deb11u3.dsc
 a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6 257589 jinja2_2.11.3.orig.tar.gz
 132df82abc934ef950fc792dcef7173dfbf22bfd2aa4b5802fff8b764f5e90ec 12684 jinja2_2.11.3-1+deb11u3.debian.tar.xz
 7f56e5bf5ca58558720b74e187c4f7e127bf4e8c0917ed29448652ba217a3b4d 7435 jinja2_2.11.3-1+deb11u3_source.buildinfo
Files:
 6698017b601aa247a55b20e3cde85517 2283 python optional jinja2_2.11.3-1+deb11u3.dsc
 231dc00d34afb2672c497713fa9cdaaa 257589 python optional jinja2_2.11.3.orig.tar.gz
 698928153a217a7245068c453ce3de58 12684 python optional jinja2_2.11.3-1+deb11u3.debian.tar.xz
 72bcc4e46e1efc0a015828577f45264c 7435 python optional jinja2_2.11.3-1+deb11u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCgAzFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAmf79MoVHGthbmFzaGly
b0BkZWJpYW4ub3JnAAoJEPgjonKYg8l8ZVgP/2zjx8PIpUqYT7uLNy2j/Hmt6320
w8/M4HKj1eD7PPDHFMtK/MM3S5Kkr69CL4+wMSI8b8DrNcIvsaxuhtaN7jvsN5U7
CLjLAZ2LR+ygVltrzP4cJLmY8wVYlur1ZPYa1kQA8wloqd7qLqO14qZOW0oLI0SN
j+NrlGhiV6p9v7XHaHA9MghDJSf+1B2EkILPQ05dvveksRBlRiu6xa3y9PXItabx
i68sROZF4/EQgHG7YU89i175aS57QLTdOqaKtNdZ8MywBqrOX5BugSV0n+mR6wtY
oj6z4vFm1n2SpgDC2YdRVZbYQLxVuuNg3X60EbD9vnk9XFp+FujSqxt9uaVU4N6p
SYd29uLrdPGPBj5pB+sdhrgEb+Vhjp5P+2gb0AFbJZitNqtNnOKPYpMJC8jQBeHN
idDZTXOcDGhrxGo9UEuvLEB50Dj9AZoors2QdrOu13nDgKxlbL3zPrhB3O6d0W8T
iotDo2fdE/4/MlIiBEtGmbYwC6eFdZa+2HNyGLDNlffyQEwgpLxc6WaIPlsdeqdU
S7YjSLdO2llKIiMF/EDcfeHif7GPHLiykH3auWwEzpR93WG4x2oINOCqaYM2bZRz
NY0EpBPtVKY6/vNPNXpYOXChLOIk/QBgoFZ6Pm3ZXQiLrI44zrGTcjJUYwqSqtwv
T5bYRSO24V7MpPN4
=AHGW
-----END PGP SIGNATURE-----

Attachment: pgphOjUli7udP.pgp
Description: PGP signature

Reply to: