Overview

File _patchinfo of Package patchinfo.11092

<patchinfo incident="11092">
  <issue tracker="bnc" id="1132174">VUL-0: CVE-2016-10745: python-Jinja2: Sandbox escape due to information disclosure via str.format</issue>
  <issue tracker="bnc" id="1132323">VUL-0: CVE-2019-10906: python-Jinja2: Sandbox escape due to information disclosure via str.format</issue>
  <issue tracker="bnc" id="1125815">VUL-0: CVE-2019-8341: python-Jinja2: command injection in function from_string</issue>
  <issue tracker="cve" id="2016-10745"/>
  <issue tracker="cve" id="2019-10906"/>
  <issue tracker="cve" id="2019-8341"/>
  <packager>tbechtold</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for python-Jinja2</summary>
  <description>This update for python-Jinja2 to version 2.10.1 fixes the following issues:

Security issues fixed:

- CVE-2019-8341: Fixed a command injection in from_string() (bsc#1125815).
- CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places