This bug was fixed in the package jinja2 - 3.1.6-1
Sponsored for Nishit Majithia (0xnishit)
---------------
jinja2 (3.1.6-1) unstable; urgency=medium
* Team upload.
* New upstream release:
- CVE-2025-27516: The |attr filter does not bypass the environment's
attribute lookup, allowing the sandbox to apply its checks (closes:
#1099690).
-- Colin Watson <[email protected]> Tue, 25 Mar 2025 22:31:52 +0000
** Changed in: jinja2 (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-27516
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2115949
Title:
Sync jinja2 from debian for questing
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jinja2/+bug/2115949/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
