Accepted jinja2 2.10-2+deb10u1 (source) into oldoldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted jinja2 2.10-2+deb10u1 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 23 Jan 2024 17:10:20 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: jinja2_2.10-2+deb10u1_amd64.changes
- Debian-source: jinja2
- Debian-suite: oldoldstable
- Debian-version: 2.10-2+deb10u1
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1rSKI0-00B3CM-VA@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 22 Jan 2024 12:57:18 -0800
Source: jinja2
Architecture: source
Version: 2.10-2+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Piotr Ożarowski <piotr@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1060748
Changes:
 jinja2 (2.10-2+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Debian LTS team.
   * CVE-2024-22195: Fix an issue where it was possible to inject arbitrary HTML
     attributes into the rendered HTML via the "xmlattr" filter, potentially
     leading to a Cross-Site Scripting (XSS) attack. It may also have been
     possible to bypass attribute validation checks if they were
     blacklist-based. (Closes: #1060748)
   * Actually run the testsuite, on both Python 2.x and Python 3.x.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----