jinja2 (3.0.3-1ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution issue in jinja compiler
- debian/patches/CVE-2024-56201.patch: f-string syntax handling in code
generation improved in src/jinja2/compiler.py.
- debian/patches/CVE-2024-56326.patch: oversight on calls to str.format
adjusted in src/jinja2/sandbox.py.
- CVE-2024-56201
- CVE-2024-56326
-- Evan Caville <evan.caville@canonical.com> Mon, 06 Jan 2025 15:27:20 +1000
jinja2 (3.0.3-1ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: Cross-Site scripting in xmlattr filter
- debian/patches/CVE-2024-34064.patch: disallow invalid characters
in keys to xmlattr filter
- CVE-2024-34064
-- Nick Galanis <nick.galanis@canonical.com> Tue, 21 May 2024 13:05:09 +0100
jinja2 (3.0.3-1ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: Cross-Site scripting
- debian/patches/CVE-2024-22195.patch: disallow keys with spaces
in src/jinja2/filters.py, tests/test_filters.py.
- CVE-2024-22195
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Fri, 19 Jan 2024 07:56:33 -0300
jinja2 (3.0.3-1) unstable; urgency=medium
* New upstream release
-- Piotr Ożarowski <piotr@debian.org> Fri, 11 Feb 2022 13:50:47 +0100
jinja2 (3.0.1-2) unstable; urgency=medium
* Uploading to unstable.
-- Thomas Goirand <zigo@debian.org> Fri, 01 Oct 2021 11:22:02 +0200
jinja2 (3.0.1-1) experimental; urgency=medium
[ Debian Janitor ]
* Remove constraints unnecessary since stretch:
+ Build-Depends: Drop versioned constraint on python-setuptools.
[ Thomas Goirand ]
* Team upload.
* New upstream release.
* Ran wrap-and-sort -bastk.
* Fixed (build-)depends for this release.
* Killed the python2 package.
* Rebase patches:
- re-wrote py3.9-fix-collections-import.patch
- refreshed 0002-docs-disable-sphinxcontrib.log_cabinet.patch
* Use debian/jinja.vim instead of the one upstream, gone in this version.
-- Thomas Goirand <zigo@debian.org> Fri, 17 Sep 2021 23:25:00 +0200
jinja2 (2.11.3-1) unstable; urgency=medium
* Team upload.
[ Ondřej Nový ]
* d/control: Update Vcs-* fields with new Debian Python Team Salsa
layout.
[ Debian Janitor ]
* Apply multi-arch hints.
+ python-jinja2-doc: Add Multi-Arch: foreign.
[ Sandro Tosi ]
* Use the new Debian Python Team contact name and address
[ Hans-Christoph Steiner ]
* New upstream release
-- Hans-Christoph Steiner <hans@eds.org> Mon, 01 Mar 2021 12:05:52 +0100
jinja2 (2.11.2-1) unstable; urgency=medium
* New upstream release
-- Piotr Ożarowski <piotr@debian.org> Thu, 04 Jun 2020 19:31:21 +0200
jinja2 (2.11.1-1) unstable; urgency=medium
[ Thomas Goirand ]
* py3.9-fix-collections-import.patch: correctly "except ImportError:"
everywhere in the patch.
[ Salman Mohammadi ]
* d/control: change python-jinja2-doc to recommend python3-jinja2
(closes: 951672)
[ Piotr Ożarowski ]
* New upstream release
* Add python3-pallets-sphinx-themes and python3-sphinx-issues to Build-Depends
* Add patch to disable sphinxcontrib.log_cabinet for now as it's not
packaged in Debian yet (versionadded, versionchanged, deprecated
directives in changelog will not be used)
* Move Vim syntax files to python3-jinja2 package
* Standards-version bumped to 4.5.0 (no other changes needed)
-- Piotr Ożarowski <piotr@debian.org> Thu, 02 Apr 2020 13:35:21 +0200
jinja2 (2.10.1-2) unstable; urgency=medium
[ Ondřej Nový ]
* Use debhelper-compat instead of debian/compat.
* Bump Standards-Version to 4.4.1.
[ Thomas Goirand ]
* Team upload.
* Add py3.9-fix-collections-import.patch (Closes: #949018).
-- Thomas Goirand <zigo@debian.org> Thu, 27 Feb 2020 11:49:32 +0100
# For older changelog entries, run 'apt-get changelog python-jinja2-doc'
Generated by dwww version 1.14 on Sun Feb 2 13:40:24 CET 2025.