Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2024-3102

Опубликовано: 23 мая 2024
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2024-3102: python-jinja2 security update (MODERATE)

[2.10.1-4]

  • Security fix for CVE-2024-22195 Resolves: RHEL-21347

[2.10.1-3]

  • Fix CVE-2020-28493: ReDOS vulnerability due to the sub-pattern Resolves: rhbz#1928707

[2.10.1-2]

  • Rebuild of package to go through gating
  • Resolves: rhbz#1701301

[2.10.1-1]

  • Rebase to 2.10.1 (security update) to fix CVE-2019-10906
  • Resolves: rhbz#1701301

[2.10-9]

  • Require platform-python-setuptools instead of python3-setuptools
  • Resolves: rhbz#1650536

[2.10-8]

  • Revert changes commited to wrong branch

[2.10-7]

  • Fix conditions

[2.10-6]

  • Specfile cleanup and fixes

[2.10-5]

  • Disable Python 2 build by default

[2.10-4]

  • Allow build with Python 2

[2.10-3]

  • Remove docs from Python 2 package
  • Remove dependency on python2-babel and python2-sphinx

[2.10-2]

[2.10-1]

  • Update to 2.10.
  • Use %bcond.
  • Move BRs to their respective subpackages.

[2.9.6-4]

  • Really cleanup spec file conditionals

[2.9.6-3]

  • Cleanup spec file conditionals

[2.9.6-2]

[2.9.6-1]

  • Update to 2.9.6.

[2.9.5-2]

[2.9.5-1]

  • Update to 2.9.5.

[2.9.4-1]

  • Update to 2.9.4.

[2.8.1-1]

  • Update to 2.8.1.

[2.8-8]

  • Rebuild for Python 3.6

[2.8-7]

  • Ship python2-jinja2 (bug #1378519)
  • Modernize spec

[2.8-6]

[2.8-5]

  • Do not call py.test, there are currently no tests in the tarball.

[2.8-4]

[2.8-3]

  • Rebuilt for Python3.5 rebuild

[2.8-2]

  • Apply updates Python packaging guidelines.
  • Mark LICENSE with %license.

[2.8-1]

  • Upstream 2.8

[2.7.3-3]

[2.7.3-2]

  • Add Requires python(3)-setuptools (bug #1168774)

[2.7.3-1]

  • Update to 2.7.3.
  • Reenable docs.

[2.7.2-2]

  • Bootstrap (without docs) build for Python 3.4

[2.7.2-1]

  • Update to 2.7.2.
  • Update python3 conditional.

[2.7.1-1]

  • Update to 2.7.1.

[2.7-1]

  • Update to 2.7
  • spec cleanup

[2.6-6]

[2.6-5]

[2.6-4]

  • remove rhel logic from with_python3 conditional

[2.6-3]

[2.6-2]

[2.6-1]

  • Update to 2.6.

[2.5.5-4]

[2.5.5-3]

  • Re-enable html doc generation.
  • Remove conditional for F-12 and below.
  • Do not silently fail the testsuite for with py3k.

[2.5.5-2]

  • Move python3 runtime requirements to python3 subpackage

[2.5.5-1]

  • Update to 2.5.5.

[2.5.2-4]

  • Revert to previous behavior: fail the build on failed test.
  • Rebuild for Python 3.2.

[2.5.2-3]

  • %ifnarch doesn't work on noarch package so don't fail the build on failed tests

[2.5.2-2]

  • disable the testsuite on s390(x)

[2.5.2-1]

  • Update to upstream version 2.5.2.
  • Package depends on python-markupsafe and is noarch now.

[2.5-4]

  • add explicit build-requirement on python-setuptools
  • fix doc disablement for python3 subpackage

[2.5-3]

  • support disabling documentation in the build to break a circular build-time dependency with python-sphinx; disable docs for now

[2.5-2]

[2.5-1]

  • Update to upstream version 2.5.
  • Create python3 subpackage.
  • Minor specfile fixes.
  • Add examples directory.
  • Thanks to Gareth Armstrong for additional hints.

[2.4.1-1]

  • Update to 2.4.1.

[2.4-1]

  • Update to 2.4.

[2.3.1-1]

  • Update to 2.3.1.
  • Docs are built using Sphinx now.
  • Run the testsuite.

[2.2.1-1]

  • Update to 2.2.1, mainly a bugfix release.
  • Remove patch no longer needed.
  • Remove conditional for FC-8.
  • Compilation of speedup module has to be explicitly requested now.

[2.1.1-3]

[2.1.1-2]

[2.1.1-1]

  • Update to 2.1.1 (bugfix release).

[2.1-1]

[2.0-3]

  • Rebuild for Python 2.6

[2.0-2]

  • Use rpm buildroot macro instead of RPM_BUILD_ROOT.

[2.0-1]

  • Upstream released 2.0.

[2.0-0.1.rc1]

  • Modified specfile from the existing python-jinja package.

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

python3-jinja2

2.10.1-4.el8

Oracle Linux x86_64

python3-jinja2

2.10.1-4.el8

Связанные CVE

CVE-2024-22195

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2024-22195

CVSS3: 5.4
ubuntu
больше 1 года назад

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.

redhat логотип

CVE-2024-22195

CVSS3: 5.4
redhat
больше 1 года назад

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.

nvd логотип

CVE-2024-22195

CVSS3: 5.4
nvd
больше 1 года назад

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.

msrc логотип

CVE-2024-22195

CVSS3: 6.1
msrc
5 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-22195

CVSS3: 5.4
debian
больше 1 года назад

Jinja is an extensible templating engine. Special placeholders in the ...