Format: 1.8
Date: Sat, 12 Apr 2025 14:01:07 -0300
Source: jinja2
Architecture: source
Version: 2.11.3-1+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: Piotr Ożarowski <piotr@debian.org>
Changed-By: Lucas Kanashiro <kanashiro@debian.org>
Changes:
 jinja2 (2.11.3-1+deb11u3) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2024-56326. An oversight in how the Jinja sandboxed environment
     detects calls to str.format allows an attacker that controls the content
     of a template to execute arbitrary Python code.
     - d/p/CVE-2024-56326_*.patch
   * Fix CVE-2025-27516. An oversight in how the Jinja sandboxed environment
     interacts with the |attr filter allows an attacker that controls the
     content of a template to execute arbitrary Python code.
     - d/p/CVE-2025-27516.patch