1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1105996: bookworm-pu: package jinja2/3.1.2-1+deb12u3

    From Moritz Muehlenhoff@21:1/5 to All on Sun May 18 17:30:02 2025
    XPost: linux.debian.devel.release

    UGFja2FnZTogcmVsZWFzZS5kZWJpYW4ub3JnClNldmVyaXR5OiBub3JtYWwKVGFnczogYm9va3dv cm0KWC1EZWJidWdzLUNjOiBqaW5qYTJAcGFja2FnZXMuZGViaWFuLm9yZwpDb250cm9sOiBhZmZl Y3RzIC0xICsgc3JjOmppbmphMgpVc2VyOiByZWxlYXNlLmRlYmlhbi5vcmdAcGFja2FnZXMuZGVi aWFuLm9yZwpVc2VydGFnczogcHUKCkFkcmVzc2VzIG9uZSBsb3cgc2V2ZXJpdHkgc2VjdXJpdHkg aXNzdWUsIGRlYmRpZmYgYmVsb3cuCgpDaGVlcnMsCiAgICAgICAgTW9yaXR6CgpkaWZmIC1OcnUg amluamEyLTMuMS4yL2RlYmlhbi9jaGFuZ2Vsb2cgamluamEyLTMuMS4yL2RlYmlhbi9jaGFuZ2Vs b2cKLS0tIGppbmphMi0zLjEuMi9kZWJpYW4vY2hhbmdlbG9nCTIwMjUtMDItMjcgMjI6MzA6NTQu MDAwMDAwMDAwICswMTAwCisrKyBqaW5qYTItMy4xLjIvZGViaWFuL2NoYW5nZWxvZwkyMDI1LTA1 LTE4IDAwOjE3OjAxLjAwMDAwMDAwMCArMDIwMApAQCAtMSwzICsxLDkgQEAKK2ppbmphMiAoMy4x LjItMStkZWIxMnUzKSBib29rd29ybTsgdXJnZW5jeT1tZWRpdW0KKworICAqIENWRS0yMDI1LTI3 NTE2IChDbG9zZXM6ICMxMDk5NjkwKQorCisgLS0gTW9yaXR6IE3DvGhsZW5ob2ZmIDxqbW1AZGVi aWFuLm9yZz4gIFN1biwgMTggTWF5IDIwMjUgMDA6MTc6MDEgKzAyMDAKKwogamluamEyICgzLjEu Mi0xK2RlYjEydTIpIGJvb2t3b3JtOyB1cmdlbmN5PW1lZGl1bQogCiAgICogTm9uLW1haW50YWlu ZXIgdXBsb2FkIGJ5IHRoZSBMVFMgc2VjdXJpdHkgdGVhbS4KZGlmZiAtTnJ1IGppbmphMi0zLjEu Mi9kZWJpYW4vcGF0Y2hlcy8wMDA4LUNWRS0yMDI1LTI3NTE2LnBhdGNoIGppbmphMi0zLjEuMi9k ZWJpYW4vcGF0Y2hlcy8wMDA4LUNWRS0yMDI1LTI3NTE2LnBhdGNoCi0tLSBqaW5qYTItMy4xLjIv ZGViaWFuL3BhdGNoZXMvMDAwOC1DVkUtMjAyNS0yNzUxNi5wYXRjaAkxOTcwLTAxLTAxIDAxOjAw OjAwLjAwMDAwMDAwMCArMDEwMAorKysgamluamEyLTMuMS4yL2RlYmlhbi9wYXRjaGVzLzAwMDgt Q1ZFLTIwMjUtMjc1MTYucGF0Y2gJMjAyNS0wNS0xOCAwMDoxNjo0Ni4wMDAwMDAwMDAgKzAyMDAK QEAgLTAsMCArMSw2MCBAQAorQ29tbWl0IDA2NTMzNGQxZWU1YjcyMTBlMWEwYTkzYzM3MjM4Yzg2 ODU4ZjJhZjcgdXBzdHJlYW06CisKK0Zyb206IERhdmlkIExvcmQgPGRhdmlkaXNtQGdtYWlsLmNv bT4KK0RhdGU6IFdlZCwgNSBNYXIgMjAyNSAxMDowODo0OCAtMDgwMAorU3ViamVjdDogW1BBVENI XSBhdHRyIGZpbHRlciB1c2VzIGVudi5nZXRhdHRyCisKKy0tLSBqaW5qYTItMy4xLjIub3JpZy9z cmMvamluamEyL2ZpbHRlcnMucHkKKysrKyBqaW5qYTItMy4xLjIvc3JjL2ppbmphMi9maWx0ZXJz LnB5CitAQCAtNSw2ICs1LDcgQEAgaW1wb3J0IHJlCisgaW1wb3J0IHR5cGluZworIGltcG9ydCB0 eXBpbmcgYXMgdAorIGZyb20gY29sbGVjdGlvbnMgaW1wb3J0IGFiYworK2Zyb20gaW5zcGVjdCBp bXBvcnQgZ2V0YXR0cl9zdGF0aWMKKyBmcm9tIGl0ZXJ0b29scyBpbXBvcnQgY2hhaW4KKyBmcm9t IGl0ZXJ0b29scyBpbXBvcnQgZ3JvdXBieQorIAorQEAgLTEzOTMsMzAgKzEzOTQsMjQgQEAgZGVm IGRvX2F0dHIoCisgICAgIGVudmlyb25tZW50OiAiRW52aXJvbm1lbnQiLCBvYmo6IHQuQW55LCBu YW1lOiBzdHIKKyApIC0+IHQuVW5pb25bVW5kZWZpbmVkLCB0LkFueV06CisgICAgICIiIkdldCBh biBhdHRyaWJ1dGUgb2YgYW4gb2JqZWN0LiAgYGBmb298YXR0cigiYmFyIilgYCB3b3JrcyBsaWtl CistICAgIGBgZm9vLmJhcmBgIGp1c3QgdGhhdCBhbHdheXMgYW4gYXR0cmlidXRlIGlzIHJldHVy bmVkIGFuZCBpdGVtcyBhcmUgbm90CistICAgIGxvb2tlZCB1cC4KKysgICAgYGBmb28uYmFyYGAs IGJ1dCByZXR1cm5zIHVuZGVmaW5lZCBpbnN0ZWFkIG9mIGZhbGxpbmcgYmFjayB0byBgYGZvb1si YmFyIl1gYAorKyAgICBpZiB0aGUgYXR0cmlidXRlIGRvZXNuJ3QgZXhpc3QuCisgCisgICAgIFNl ZSA6cmVmOmBOb3RlcyBvbiBzdWJzY3JpcHRpb25zIDxub3Rlcy1vbi1zdWJzY3JpcHRpb25zPmAg Zm9yIG1vcmUgZGV0YWlscy4KKyAgICAgIiIiCisrICAgICMgRW52aXJvbm1lbnQuZ2V0YXR0ciB3 aWxsIGZhbGwgYmFjayB0byBvYmpbbmFtZV0gaWYgb2JqLm5hbWUgZG9lc24ndCBleGlzdC4KKysg ICAgIyBCdXQgd2Ugd2FudCB0byBjYWxsIGVudi5nZXRhdHRyIHRvIGdldCBiZWhhdmlvciBzdWNo IGFzIHNhbmRib3hpbmcuCisrICAgICMgRGV0ZXJtaW5lIGlmIHRoZSBhdHRyIGV4aXN0cyBmaXJz dCwgc28gd2Uga25vdyB0aGUgZmFsbGJhY2sgd29uJ3QgdHJpZ2dlci4KKyAgICAgdHJ5OgorLSAg ICAgICAgbmFtZSA9IHN0cihuYW1lKQorLSAgICBleGNlcHQgVW5pY29kZUVycm9yOgorLSAgICAg ICAgcGFzcworLSAgICBlbHNlOgorLSAgICAgICAgdHJ5OgorLSAgICAgICAgICAgIHZhbHVlID0g Z2V0YXR0cihvYmosIG5hbWUpCistICAgICAgICBleGNlcHQgQXR0cmlidXRlRXJyb3I6CistICAg ICAgICAgICAgcGFzcworLSAgICAgICAgZWxzZToKKy0gICAgICAgICAgICBpZiBlbnZpcm9ubWVu dC5zYW5kYm94ZWQ6CistICAgICAgICAgICAgICAgIGVudmlyb25tZW50ID0gdC5jYXN0KCJTYW5k Ym94ZWRFbnZpcm9ubWVudCIsIGVudmlyb25tZW50KQorLQorLSAgICAgICAgICAgICAgICBpZiBu b3QgZW52aXJvbm1lbnQuaXNfc2FmZV9hdHRyaWJ1dGUob2JqLCBuYW1lLCB2YWx1ZSk6CistICAg ICAgICAgICAgICAgICAgICByZXR1cm4gZW52aXJvbm1lbnQudW5zYWZlX3VuZGVmaW5lZChvYmos IG5hbWUpCistCistICAgICAgICAgICAgcmV0dXJuIHZhbHVlCisrICAgICAgICAjIFRoaXMgYXZv aWRzIGV4ZWN1dGluZyBwcm9wZXJ0aWVzL2Rlc2NyaXB0b3JzLCBidXQgbWlzc2VzIF9fZ2V0YXR0 cl9fCisrICAgICAgICAjIGFuZCBfX2dldGF0dHJpYnV0ZV9fIGR5bmFtaWMgYXR0cnMuCisrICAg ICAgICBnZXRhdHRyX3N0YXRpYyhvYmosIG5hbWUpCisrICAgIGV4Y2VwdCBBdHRyaWJ1dGVFcnJv cjoKKysgICAgICAgICMgVGhpcyBmaW5kcyBkeW5hbWljIGF0dHJzLCBhbmQgd2Uga25vdyBpdCdz IG5vdCBhIGRlc2NyaXB0b3IgYXQgdGhpcyBwb2ludC4KKysgICAgICAgIGlmIG5vdCBoYXNhdHRy KG9iaiwgbmFtZSk6CisrICAgICAgICAgICAgcmV0dXJuIGVudmlyb25tZW50LnVuZGVmaW5lZChv Ymo9b2JqLCBuYW1lPW5hbWUpCisgCistICAgIHJldHVybiBlbnZpcm9ubWVudC51bmRlZmluZWQo b2JqPW9iaiwgbmFtZT1uYW1lKQorKyAgICByZXR1cm4gZW52aXJvbm1lbnQuZ2V0YXR0cihvYmos IG5hbWUpCisgCisgCisgQHR5cGluZy5vdmVybG9hZApkaWZmIC1OcnUgamluamEyLTMuMS4yL2Rl Ymlhbi9wYXRjaGVzL3NlcmllcyBqaW5qYTItMy4xLjIvZGViaWFuL3BhdGNoZXMvc2VyaWVzCi0t LSBqaW5qYTItMy4xLjIvZGViaWFuL3BhdGNoZXMvc2VyaWVzCTIwMjUtMDItMjcgMjI6MjE6NDAu MDAwMDAwMDAwICswMTAwCisrKyBqaW5qYTItMy4xLjIvZGViaWFuL3BhdGNoZXMvc2VyaWVzCTIw MjUtMDUtMTggMDA6MTY6MzQuMDAwMDAwMDAwICswMjAwCkBAIC01LDMgKzUsNCBAQAogMDAwMi1k aXNhbGxvdy1pbnZhbGlkLWNoYXJhY3RlcnMtaW4ta2V5cy10by14bWxhdHRyLWZpbHRlLnBhdGNo CiAwMDA2LUZpeC1DVkUtMjAyNC01NjIwMS5wYXRjaAogMDAwNy1GaXgtQ1ZFLTIwMjQtNTYzMjYu cGF0Y2gKKzAwMDgtQ1ZFLTIwMjUtMjc1MTYucGF0Y2gK

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Adam D Barratt@21:1/5 to All on Sat May 31 23:30:02 2025
    XPost: linux.debian.devel.release

    package release.debian.org
    tags 1105996 = bookworm pending
    thanks

    Hi,

    The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

    Thanks for your contribution!

    Upload details
    ==============

    Package: jinja2
    Version: 3.1.2-1+deb12u3

    Explanation: fix arbitrary code execution issue [CVE-2025-27516]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)