• Bug#1099074: bookworm-pu: package jinja2/3.1.2-1+deb12u2

    From Lee Garrett@21:1/5 to All on Thu Feb 27 23:10:02 2025
    XPost: linux.debian.bugs.dist

    Package: release.debian.org
    Severity: normal
    Tags: bookworm
    X-Debbugs-Cc: [email protected], [email protected]
    Control: affects -1 + src:jinja2
    User: [email protected]
    Usertags: pu


    [ Reason ]
    Fix CVE-2024-56201
    Fix CVE-2024-56326


    [ Impact ]
    Two security vulnerabilities will stay unfixed.

    [ Tests ]
    The patches are taken from upstream, and include test coverage. Both patches applied with minimal changes.

    [ Risks ]
    Low; these are nearly direct patches from upstream.

    [ Checklist ]
    [x] *all* changes are documented in the d/changelog
    [x] I reviewed all changes and I approve them
    [x] attach debdiff against the package in (old)stable
    [x] the issue is verified as fixed in unstable

    [ Changes ]
    Fix CVE-2024-56201
    Fix CVE-2024-56326

    [ Other info ]
    %

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Thu Feb 27 23:10:02 2025
    Processing control commands:

    affects -1 + src:jinja2
    Bug #1099074 [release.debian.org] bookworm-pu: package jinja2/3.1.2-1+deb12u2
    Added indication that 1099074 affects src:jinja2

    --
    1099074: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099074
    Debian Bug Tracking System
    Contact [email protected] with problems

  • From Adam D Barratt@21:1/5 to All on Sat Mar 1 12:20:01 2025
    XPost: linux.debian.bugs.dist

    package release.debian.org
    tags 1099074 = bookworm pending
    thanks

    Hi,

    The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

    Thanks for your contribution!

    Upload details
    ==============

    Package: jinja2
    Version: 3.1.2-1+deb12u2

    Explanation: fix arbitrary code execution issues [CVE-2024-56201 CVE-2024-56326]

  • From Debian Bug Tracking System@21:1/5 to All on Sat Mar 15 11:00:07 2025

    Your message dated Sat, 15 Mar 2025 09:44:44 +0000
    with message-id <[email protected]>
    and subject line Close 1099074
    has caused the Debian Bug report #1099074,
    regarding bookworm-pu: package jinja2/3.1.2-1+deb12u2
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected]
    immediately.)


    --
    1099074: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099074
    Debian Bug Tracking System
    Contact [email protected] with problems
