Overview

File _patchinfo of Package patchinfo.11103

<patchinfo incident="11103">
  <issue tracker="bnc" id="1132174">VUL-0: CVE-2016-10745: python-Jinja2: Sandbox escape due to information disclosure via str.format</issue>
  <issue id="1132323" tracker="bnc">VUL-0: CVE-2019-10906: python-Jinja2: Sandbox escape due to information disclosure via str.format</issue>
  <issue id="1125815" tracker="bnc">VUL-0: CVE-2019-8341: python-Jinja2: command injection in function from_string</issue>
  <issue tracker="cve" id="2016-10745"/>
  <issue id="2019-10906" tracker="cve" />
  <issue id="2019-8341" tracker="cve" />
  <packager>tbechtold</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for python-Jinja2</summary>
  <description>This update for python-Jinja2 fixes the following issues:

Security issues fixed:

- CVE-2016-10745: Fixed a sandbox escape caused by an information disclosure via str.format (bsc#1132174).
- CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323).
- CVE-2019-8341: Fixed command injection in function from_string (bsc#1125815).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places