Package: jinja2
Version: 2.7.2-1
Severity: important
Tags: security upstream

Hi Piotr,

the following vulnerability was published for jinja2. The upload for jinja2/2.7.2-1 addressing CVE-2014-1402 introduced an unsafe temporary files creation vulnerability.

CVE-2014-0012[0]: unsafe temporary files creation

See also [1] for the CVE assignment. See the nice blogpost[2] from Kurt Seifried for information on how to safely create temporary files and directories in various languages.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0012
    http://security-tracker.debian.org/tracker/CVE-2014-0012
[1] http://www.openwall.com/lists/oss-security/2014/01/11/1
[2] http://kurt.seifried.org/2012/03/14/creating-temporary-files-securely/

Regards,
Salvatore
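
The following Python example is added here for illustration; it is not part of the original report and is not the Jinja2 or Debian fix. It shows one way to avoid the class of problem the report names, unsafe temporary file creation, when a program keeps a per-user directory under a shared temp directory. The function names and the directory name are hypothetical, and a POSIX system is assumed.

```python
import os
import stat
import tempfile


def open_private_dir(path):
    """Create path as a 0700 directory, or accept an existing one only if it
    is a real directory (not a symlink), owned by us, with no group/other bits."""
    try:
        os.mkdir(path, 0o700)  # raises if anything, even a symlink, is there
    except FileExistsError:
        pass
    st = os.lstat(path)  # lstat: inspect the entry itself, never its target
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError("%s is not a directory" % path)
    if st.st_uid != os.getuid():
        raise RuntimeError("%s is owned by another user" % path)
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise RuntimeError("%s is accessible to group or others" % path)
    return path


def write_private_file(directory, name, data):
    """Write via an unpredictable O_EXCL temp name (mode 0600), then rename."""
    fd, tmp = tempfile.mkstemp(dir=directory)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        final = os.path.join(directory, name)
        os.replace(tmp, final)
    except BaseException:
        os.unlink(tmp)
        raise
    return final


if __name__ == "__main__":
    # Constructed demo: a fresh sandbox stands in for a shared temp directory.
    shared = tempfile.mkdtemp()
    cache = open_private_dir(os.path.join(shared, "demo-cache-%d" % os.getuid()))
    print(write_private_file(cache, "entry.bin", b"constructed sample data"))
```

The ownership check relies on the shared directory having the sticky bit set, as /tmp normally does, so that other users cannot rename or remove the entry after it has been verified.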