[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: jinja2 update for CVE-2019-10906/CVE-2016-10745

Hi Moritz,

> I've never used that myself either, but reading up on the documentation
> it's so full of caveats that I doubt these are really severe issues. Unless
> someone has credible clams of the contrary I'm inclined to mark these as
> no-dsa for stretch.

Thanks. We'll go for no-dsa in jessie as well.

I see you have marked CVE-2016-10745 no-dsa in stretch but not

Fixing CVE-2019-10906 without CVE-2016-10745 does not make much sense to
me, so I assumed it was oversight and marked CVE-2019-10906 no-dsa in
stretch as well.


                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to: