Hello community,
here is the log from the commit of package patchinfo.5670 for
openSUSE:13.2:Update checked in at 2016-10-06 11:48:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/patchinfo.5670 (Old)
and /work/SRC/openSUSE:13.2:Update/.patchinfo.5670.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.5670"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
New:
----
_patchinfo
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="5670">
<issue id="858239" tracker="bnc">VUL-0: CVE-2014-1402: python-Jinja2:
arbitrary code execution vulnerability</issue>
<issue id="2014-0012" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>scarabeus_iv</packager>
<description>
This update for python-Jinja2 fixes the following issues:
Update to version 2.8:
- Added `target` parameter to urlize function.
- Added support for `followsymlinks` to the file system loader.
- The truncate filter now counts the length.
- Added equalto filter that helps with select filters.
- Changed cache keys to use absolute file names if available
instead of load names.
- Fixed loop length calculation for some iterators.
- Changed how Jinja2 enforces strings to be native strings in
Python 2 to work when people break their default encoding.
- Added :func:`make_logging_undefined` which returns an undefined
object that logs failures into a logger.
- If unmarshalling of cached data fails the template will be
reloaded now.
- Implemented a block ``set`` tag.
- Default cache size was incrased to 400 from a low 50.
- Fixed ``is number`` test to accept long integers in all Python versions.
- Changed ``is number`` to accept Decimal as a number.
- Added a check for default arguments followed by non-default arguments. This
change makes ``{% macro m(x, y=1, z) %}...{% endmacro %}`` a syntax error.
The
previous behavior for this code was broken anyway (resulting in the default
value being applied to `y`).
- Add ability to use custom subclasses of ``jinja2.compiler.CodeGenerator`` and
``jinja2.runtime.Context`` by adding two new attributes to the environment
(`code_generator_class` and `context_class`) (pull request ``#404``).
- added support for context/environment/evalctx decorator functions on
the finalize callback of the environment.
- escape query strings for urlencode properly. Previously slashes were not
escaped in that place.
- Add 'base' parameter to 'int' filter.
- Update to 2.7.3 (boo#858239, CVE-2014-0012)
</description>
<summary>Security update for python-Jinja2</summary>
</patchinfo>
