|
|
Log in / Subscribe / Register

Debian alert DLA-3988-1 (jinja2)



From:
              Adrian Bunk <bunk@debian.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 3988-1] jinja2 security update


Date:
              Mon, 09 Dec 2024 00:28:33 +0200


Message-ID:
              <Z1YdkZMzyEazOJhd@localhost>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3988-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
December 09, 2024                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : jinja2
Version        : 2.11.3-1+deb11u1
CVE ID         : CVE-2024-22195 CVE-2024-34064
Debian Bug     : 1060748 1070712

HTML attribute injection has been fixed in Jinja, a Python templating engine.

For Debian 11 bullseye, these problems have been fixed in version
2.11.3-1+deb11u1.

We recommend that you upgrade your jinja2 packages.

For the detailed security status of jinja2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jinja2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmdWHZEACgkQiNJCh6LY
mLEe/hAAgNxzUNH8+AlkpaNiSiVCqaCOY/xutje4K7OgRu+z734pkIsBGxqEwJ6G
mmexJAQdq6BFxnePHcwByB/FwVTSXZk1deqePpzmwkXPCJ0JJ7RyHRZhOyTpQwKf
D0bS73ug0Fgac/ynbwYINiZtM7G5/Nz5s+bZfzdJwZJbwBkad+QfDPtc93drECio
ai2pw7egLeWW6E1Zo9/5Aryum1Rw0Mz2FU7/yLkdnCECKUqUpgdcH35aWl9jmIvb
CFMRwnUUWMU6YGLJulO6EEifjgASrOpjNizP1hSyUWhCL4xHKoV968ujCVPEANLN
qkTcGjPNbl4Dlvq47qNtLGY6xNgV2e5vX5Q1o7jDuA7EjM/oybRTlAxYT1rExO0a
EQbI/D8vgnaA3+xrjC8zJUDMmv10ss1C0s+RPHxKEzx4xl7vXtoumtWtsp6Fjf53
H1K4xzy/FvB92iMYPQZj8dfZI63M8zlPXzIPBZegUIt9sUWUJlAMoEI+qrij+2Nv
qioYs8HdpBlxScnENMVe7L8Ta1O78qZNwa9svjXjMTfpZsBv4K9ZQLZrf1CtndHG
N+N1fIfgWXCXpVUkgSWYbOD37tZLTXJboLZQ9YVwSmBFXaCFv0ioD59icAt4doOD
nRQwCdBin9lGty32jko0C5XSd1KE7dn0YiM99hSbcpDQQVaw92A=
=KRwc
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds