jinja2 2.8-1ubuntu0.1 source package in Ubuntu
Changelog
jinja2 (2.8-1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: sandbox escape via str.format
- debian/patches/CVE-2016-10745-1.patch: support sandboxing in format
expressions in jinja2/nodes.py, jinja2/sandbox.py.
- debian/patches/CVE-2016-10745-2.patch: fix a name error for an
uncommon attribute access in the sandbox in jinja2/sandbox.py.
- CVE-2016-10745
* SECURITY UPDATE: sandbox escape via str.format_map
- debian/patches/CVE-2019-10906.patch: properly sandbox format_map in
jinja2/sandbox.py.
- CVE-2019-10906
-- Marc Deslauriers <email address hidden> Tue, 14 May 2019 13:35:38 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Xenial
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- python
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Xenial | updates | main | python | |
| Xenial | security | main | python |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| jinja2_2.8.orig.tar.gz | 348.7 KiB | bc1ff2ff88dbfacefde4ddde471d1417d3b304e8df103a7a9437d47269201bf4 |
| jinja2_2.8-1ubuntu0.1.debian.tar.xz | 8.7 KiB | e193dd1cb5c432695bc98e5ac4fbe02fa275236ea0d17a1e3ad85ef11329ab8d |
| jinja2_2.8-1ubuntu0.1.dsc | 2.3 KiB | dd8547a7506090379648a1da35eaf3bb631bc2c9de263be2ece5451a849f7b8c |
Available diffs
Binary packages built by this source
- python-jinja2: small but fast and easy to use stand-alone template engine
Jinja2 is a template engine written in pure Python. It provides a Django
inspired non-XML syntax but supports inline expressions and an optional
sandboxed environment.
.
The key-features are:
* Configurable syntax. If you are generating LaTeX or other formats with
Jinja2 you can change the delimiters to something that integrates better
into the LaTeX markup.
* Fast. While performance is not the primarily target of Jinja2 it’s
surprisingly fast. The overhead compared to regular Python code was reduced
to the very minimum.
* Easy to debug. Jinja2 integrates directly into the Python traceback system
which allows you to debug Jinja2 templates with regular Python debugging
helpers.
* Secure. It’s possible to evaluate untrusted template code if the optional
sandbox is enabled. This allows Jinja2 to be used as templating language
for applications where users may modify the template design.
- python-jinja2-doc: documentation for the Jinja2 Python library
Jinja2 is a small but fast and easy to use stand-alone template engine
.
This package contains the documentation for Jinja2 in HTML and
reStructuredText formats.
- python3-jinja2: small but fast and easy to use stand-alone template engine
Jinja2 is a template engine written in pure Python. It provides a Django
inspired non-XML syntax but supports inline expressions and an optional
sandboxed environment.
.
The key-features are:
* Configurable syntax. If you are generating LaTeX or other formats with
Jinja2 you can change the delimiters to something that integrates better
into the LaTeX markup.
* Fast. While performance is not the primarily target of Jinja2 it’s
surprisingly fast. The overhead compared to regular Python code was reduced
to the very minimum.
* Easy to debug. Jinja2 integrates directly into the Python traceback system
which allows you to debug Jinja2 templates with regular Python debugging
helpers.
* Secure. It’s possible to evaluate untrusted template code if the optional
sandbox is enabled. This allows Jinja2 to be used as templating language
for applications where users may modify the template design.
