You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa jinja2

Sigurnosni nedostatak programskog paketa jinja2

——————————————————————————–
Fedora Update Notification
FEDORA-2014-7399
2014-06-15 01:12:10
——————————————————————————–

Name : python-jinja2
Product : Fedora 19
Version : 2.6
Release : 7.fc19
URL : http://jinja.pocoo.org/
Summary : General purpose template engine
Description :
Jinja2 is a template engine written in pure Python. It provides a
Django inspired non-XML syntax but supports inline expressions and an
optional sandboxed environment.

If you have any exposure to other text-based template languages, such
as Smarty or Django, you should feel right at home with Jinja2. It’s
both designer and developer friendly by sticking to Python’s
principles and adding functionality useful for templating
environments.

——————————————————————————–
Update Information:

Add patch to fix CVE-2014-1402.
——————————————————————————–
ChangeLog:

* Fri Jun 13 2014 Thomas Moschny <thomas.moschny@gmx.de> – 2.6-7
– Fix CVE-2014-1402 (using patch from RHSA-2014:0748).
——————————————————————————–
References:

[ 1 ] Bug #1051421 – CVE-2014-1402 python-jinja2: FileSystemBytecodeCache insecure cache temporary file use
https://bugzilla.redhat.com/show_bug.cgi?id=1051421
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update python-jinja2’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2014-7166
2014-06-10 01:53:26
——————————————————————————–

Name : python-jinja2
Product : Fedora 20
Version : 2.7.3
Release : 1.fc20
URL : http://jinja.pocoo.org/
Summary : General purpose template engine
Description :
Jinja2 is a template engine written in pure Python. It provides a
Django inspired non-XML syntax but supports inline expressions and an
optional sandboxed environment.

If you have any exposure to other text-based template languages, such
as Smarty or Django, you should feel right at home with Jinja2. It’s
both designer and developer friendly by sticking to Python’s
principles and adding functionality useful for templating
environments.

——————————————————————————–
Update Information:

Version 2.7.3
————-
(bugfix release, released on June 6th 2014)

– Security issue: Corrected the security fix for the cache folder. This fix was provided by RedHat.

Version 2.7.2
————-
(bugfix release, released on January 10th 2014)

– Prefix loader was not forwarding the locals properly to inner loaders. This is now fixed.
– Security issue: Changed the default folder for the filesystem cache to be user specific and read and write protected on UNIX systems. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747 for more information.
——————————————————————————–
ChangeLog:

* Sat Jun 7 2014 Thomas Moschny <thomas.moschny@gmx.de> – 2.7.3-1
– Update to 2.7.3.
– Reenable docs.
* Sat May 10 2014 Orion Poplawski <orion@cora.nwra.com> – 2.7.2-2
– Bootstrap (without docs) build for Python 3.4
* Fri Jan 10 2014 Thomas Moschny <thomas.moschny@gmx.de> – 2.7.2-1
– Update to 2.7.2.
– Update python3 conditional.
——————————————————————————–
References:

[ 1 ] Bug #1051421 – CVE-2014-1402 python-jinja2: FileSystemBytecodeCache insecure cache temporary file use
https://bugzilla.redhat.com/show_bug.cgi?id=1051421
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update python-jinja2’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa iodine

Otkriven je sigurnosni nedostatak u programskom paketu iodine. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje autentikacije. Svim korisnicima savjetuje se nadogradnja.

Close