[Git][security-tracker-team/security-tracker][master] Reserve DLA-3988-1 for jinja2
Adrian Bunk (@bunk)
bunk at debian.org
Sun Dec 8 22:20:28 GMT 2024
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
86465203 by Adrian Bunk at 2024-12-09T00:20:15+02:00
Reserve DLA-3988-1 for jinja2
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -59025,7 +59025,6 @@ CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The de
CVE-2024-34064 (Jinja is an extensible templating engine. The `xmlattr` filter in affe ...)
- jinja2 <unfixed> (bug #1070712)
[bookworm] - jinja2 <no-dsa> (Minor issue)
- [bullseye] - jinja2 <no-dsa> (Minor issue)
[buster] - jinja2 <postponed> (Minor issue)
NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
NOTE: Fixed by: https://github.com/pallets/jinja/commit/d655030770081e2dfe46f90e27620472a502289d (3.1.4)
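Review bot: With the `[bullseye] - jinja2 <no-dsa>` line dropped, the CVE-2024-34064 entry shown here has no bullseye annotation and no `{DLA-3988-1}` tag, so on its own this hunk leaves bullseye covered only by the `- jinja2 <unfixed>` line. The bullseye version 2.11.3-1+deb11u1 is recorded only in the data/DLA/list part of this commit, so check that the DLA cross-reference reaches this entry afterwards. The `[buster] - jinja2 <postponed>` line is left untouched and is worth a second look now that bullseye has a fixed version.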
@@ -91385,7 +91384,6 @@ CVE-2024-22195 (Jinja is an extensible templating engine. Special placeholders i
{DLA-3715-1}
- jinja2 3.1.3-1 (bug #1060748)
[bookworm] - jinja2 <no-dsa> (Minor issue)
- [bullseye] - jinja2 <no-dsa> (Minor issue)
NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
NOTE: Fixed by: https://github.com/pallets/jinja/commit/7dd3680e6eea0d77fde024763657aa4d884ddb23 (3.1.3)
CVE-2024-22194 (cdo-local-uuid project provides a specialized UUID-generating function ...)
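Review bot: The tag line of the CVE-2024-22195 entry still reads only `{DLA-3715-1}` after the bullseye `<no-dsa>` line is removed, although data/DLA/list in this commit lists this CVE under DLA-3988-1. If a later update does not fill the tag in, add DLA-3988-1 there so the entry shows both advisories. The remaining `[bookworm] - jinja2 <no-dsa>` line agrees with the removed dla-needed.txt note that says the issue is still open in bookworm.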
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 Dec 2024] DLA-3988-1 jinja2 - security update
+ {CVE-2024-22195 CVE-2024-34064}
+ [bullseye] - jinja2 2.11.3-1+deb11u1
[08 Dec 2024] DLA-3987-1 renderdoc - security update
{CVE-2023-33863 CVE-2023-33864 CVE-2023-33865}
[bullseye] - renderdoc 1.11+dfsg-5+deb11u1
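Review bot: The `[bullseye] - jinja2 2.11.3-1+deb11u1` line is written at reservation time (the commit subject says "Reserve"), so it should be checked against the version that is actually uploaded; a mismatch would record bullseye as fixed at the wrong version. The two ids in `{CVE-2024-22195 CVE-2024-34064}` match the two entries edited in data/CVE/list. The removed dla-needed.txt note mentioned only CVE-2024-22195, so a short mention of CVE-2024-34064 in the commit message would have made the scope clearer.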
=====================================
data/dla-needed.txt
=====================================
@@ -120,11 +120,6 @@ intel-microcode (tobi)
jetty9 (Markus Koschany)
NOTE: 20241110: Added by Front-Desk (apo)
--
-jinja2 (Adrian Bunk)
- NOTE: 20241206: Added by coordinator (roberto)
- NOTE: 20241206: CVE-2024-22195 was fixed in buster, is still open (no-dsa) in bullseye and bookworm
- NOTE: 20241206: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/170
---
knot-resolver
NOTE: 20240924: Added by Front-Desk (lamby)
--
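Review bot: The removed jinja2 block in data/dla-needed.txt carried the link to https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/170, and nothing else in this commit refers to that task; make sure the issue is closed or updated with a reference to DLA-3988-1. The block's own `--` separator is removed with it, which correctly leaves a single separator between the jetty9 and knot-resolver entries.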
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86465203e9c7df5fa6fbfe6f062a6680c0db1f88