-
jinja2 (3.1.3-1ubuntu1) oracular; urgency=medium
* SECURITY UPDATE: Cross-Site scripting in xmlattr filter
- debian/patches/CVE-2024-34064.patch: disallow invalid characters
in keys to xmlattr filter
- CVE-2024-34064
-- Nick Galanis <email address hidden> Wed, 29 May 2024 10:42:12 +0100
-
jinja2 (3.1.3-1) unstable; urgency=medium
* Team upload.
* New upstream version 3.1.3 (Closes: #1060748)
* CVE-2024-22195: HTML attribute injection when passing user input as
keys to xmlattr filter
-- Hans-Christoph Steiner <email address hidden> Tue, 05 Mar 2024 09:32:06 +0100
-
jinja2 (3.1.2-1ubuntu1) noble; urgency=medium
* SECURITY UPDATE: Cross-Site scripting
- debian/patches/CVE-2024-22195.patch: disallow keys with spaces
in jinja2/filters.py, tests/test_filters.py.
- CVE-2024-22195
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 18 Jan 2024 08:40:53 -0300
