[Git][security-tracker-team/security-tracker][master] Reserve DLA-3988-1 for jinja2

Adrian Bunk (@bunk) bunk at debian.org
Sun Dec 8 22:20:28 GMT 2024



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
86465203 by Adrian Bunk at 2024-12-09T00:20:15+02:00
Reserve DLA-3988-1 for jinja2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -59025,7 +59025,6 @@ CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The de
 CVE-2024-34064 (Jinja is an extensible templating engine. The `xmlattr` filter in affe ...)
 	- jinja2 <unfixed> (bug #1070712)
 	[bookworm] - jinja2 <no-dsa> (Minor issue)
-	[bullseye] - jinja2 <no-dsa> (Minor issue)
 	[buster] - jinja2 <postponed> (Minor issue)
 	NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
 	NOTE: Fixed by: https://github.com/pallets/jinja/commit/d655030770081e2dfe46f90e27620472a502289d (3.1.4)
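Review bot: in the CVE-2024-34064 entry, dropping the `[bullseye]` line leaves bookworm at `<no-dsa>` and unstable at `<unfixed>`, so bullseye becomes the only listed suite with a fix and an upgrade from bullseye to bookworm would bring the `xmlattr` issue back. Suggest following up with a bookworm point-release update, or adding a NOTE to the entry that records why bookworm stays open.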
@@ -91385,7 +91384,6 @@ CVE-2024-22195 (Jinja is an extensible templating engine. Special placeholders i
 	{DLA-3715-1}
 	- jinja2 3.1.3-1 (bug #1060748)
 	[bookworm] - jinja2 <no-dsa> (Minor issue)
-	[bullseye] - jinja2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
 	NOTE: Fixed by: https://github.com/pallets/jinja/commit/7dd3680e6eea0d77fde024763657aa4d884ddb23 (3.1.3)
 CVE-2024-22194 (cdo-local-uuid project provides a specialized UUID-generating function ...)
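Review bot: the `{DLA-3715-1}` line on the CVE-2024-22195 entry is left unchanged, and the CVE-2024-34064 entry above gains no DLA reference either, although data/DLA/list ties both CVEs to DLA-3988-1 in this same commit. If these cross-references are not regenerated from data/DLA/list by a later step, add DLA-3988-1 to both entries so the CVE records point at the advisory that fixes bullseye.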


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 Dec 2024] DLA-3988-1 jinja2 - security update
+	{CVE-2024-22195 CVE-2024-34064}
+	[bullseye] - jinja2 2.11.3-1+deb11u1
 [08 Dec 2024] DLA-3987-1 renderdoc - security update
 	{CVE-2023-33863 CVE-2023-33864 CVE-2023-33865}
 	[bullseye] - renderdoc 1.11+dfsg-5+deb11u1
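Review bot: the new DLA-3988-1 entry already records `2.11.3-1+deb11u1` as the fixed bullseye version although the commit message describes this as a reservation. Check that the upload reaches bullseye with exactly this version, and correct the line if the final version differs, since this line is now the only bullseye status for both CVEs after the `<no-dsa>` lines were removed from data/CVE/list.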


=====================================
data/dla-needed.txt
=====================================
@@ -120,11 +120,6 @@ intel-microcode (tobi)
 jetty9 (Markus Koschany)
   NOTE: 20241110: Added by Front-Desk (apo)
 --
-jinja2 (Adrian Bunk)
-  NOTE: 20241206: Added by coordinator (roberto)
-  NOTE: 20241206: CVE-2024-22195 was fixed in buster, is still open (no-dsa) in bullseye and bookworm
-  NOTE: 20241206: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/170
---
 knot-resolver
   NOTE: 20240924: Added by Front-Desk (lamby)
 --
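Review bot: the removed jinja2 block held the only pointer to https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/170, and its NOTE mentioned only CVE-2024-22195 while the DLA also covers CVE-2024-34064. Suggest updating and closing that issue with the DLA number and both CVE ids so the task history matches what was released.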



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86465203e9c7df5fa6fbfe6f062a6680c0db1f88





More information about the debian-security-tracker-commits mailing list