[Buildroot] [v2 PATCH 1/1] package/python-jinja2: security bump to version 3.1.6
Julien Olivain
ju.o at free.fr
Thu Apr 10 19:30:39 UTC 2025
On 09/04/2025 19:10, Thomas Perale via buildroot wrote:
> Fixes the following security issue:
>
> - CVE-2025-27516: Prior to 3.1.6, an oversight in how the Jinja
> sandboxed environment interacts with the |attr filter allows
> an attacker that controls the content of a template to execute
> arbitrary Python code.
>
> For more information, see:
> - https://nvd.nist.gov/vuln/detail/CVE-2025-27516
> - https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
>
> For more details on the version bump, see the release notes:
>
> https://github.com/pallets/jinja/releases/tag/3.1.6
>
> Signed-off-by: Thomas Perale <thomas.perale at mind.be>
Applied to master, thanks.