Re: jinja2 update for CVE-2019-10906/CVE-2016-10745

2019-05-02 Thread Hugo Lefeuvre
Hi Moritz,

> I've never used that myself either, but reading up on the documentation
> it's so full of caveats that I doubt these are really severe issues. Unless
> someone has credible claims of the contrary I'm inclined to mark these as
> no-dsa for stretch.

Thanks. We'll go for no-dsa in

Re: jinja2 update for CVE-2019-10906/CVE-2016-10745

2019-04-25 Thread Moritz Mühlenhoff
On Sun, Apr 14, 2019 at 12:14:04PM +0200, Hugo Lefeuvre wrote:
> Dear Piotr, security team,
>
> I am currently working on CVE-2019-10906 and CVE-2016-10745, trying to
> decide if preparing an LTS upload for these issues is worth the trouble.
>
> These issues seem to absolutely break the jinja2