Hi Hugo,
On Mon, Apr 08, 2019 at 10:20:29PM +0200, Hugo Lefeuvre wrote:
> Hi Salvatore,
>
> > CVE-2016-10745 was assigned for this issue.
>
> Thanks for the information.
>
> I just noticed you added CVE-2016-10745 to the tracker. I am fairly
> confused, do you know why this CVE was not
Hi Salvatore,
> CVE-2016-10745 was assigned for this issue.
Thanks for the information.
I just noticed you added CVE-2016-10745 to the tracker. I am fairly
confused, do you know why this CVE was not referenced in the tracker?
Or did you just request it?
cheers,
Hugo
--
Hugo
Hi Hugo,
On Mon, Apr 08, 2019 at 10:04:35AM +0200, Hugo Lefeuvre wrote:
> > This should help confirming vulnerability in other suites.
>
> 2.7.3-1 and all later releases affected. In addition, both 2.7.3-1 and
> 2.8-1 are affected by the previous str.format issue[0].
>
> [0]
> This should help confirming vulnerability in other suites.
2.7.3-1 and all later releases affected. In addition, both 2.7.3-1 and
2.8-1 are affected by the previous str.format issue[0].
[0] https://palletsprojects.com/blog/jinja-281-released/
--
Hugo Lefeuvre (hle)|
Hi,
I'm working on a potential jinja2 Debian LTS security update. Here is a
proof of concept which allows to easily reproduce the issue. This should
help confirming vulnerability in other suites.
>>> from jinja2.sandbox import SandboxedEnvironment
>>> env = SandboxedEnvironment()
>>> config =
5 matches
Mail list logo
