[Bug 2102129] Re: Fix for CVE-2025-27516 regressed jinja in Python2 on focal

2025-03-12 Thread John Breton
Thank you for the feedback thus far on this. For trusty and xenial I accounted for Python 2 compatibility and wrote a backport of getattr_static: ``` def getattr_static_py2(obj, attr, default=None): """ Mimic getattr_static from Python 3 in Python 2.7. """ for cls in inspect.getmro(type(obj)

[Bug 2102129] Re: Fix for CVE-2025-27516 regressed jinja in Python2 on focal and bionic ESM

2025-03-12 Thread John Breton
This update has now been pushed as of the publication of USN 7343-2: https://ubuntu.com/security/notices/USN-7343-2 The relevant fixes can be grabbed on bionic (available with Ubuntu Pro) and focal via a standard system update. Thank you all for your help in investigating this issue and for confi

[Bug 2102129] Re: Fix for CVE-2025-27516 regressed jinja in Python2 on focal and bionic ESM

2025-03-12 Thread John Breton
** Summary changed: - Fix for CVE-2025-27516 regressed jinja in Python2 on focal and previous releases (ESM) + Fix for CVE-2025-27516 regressed jinja in Python2 on focal and bionic ESM -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 2102129] Re: Fix for CVE-2025-27516 regressed jinja in Python2 on focal and previous releases (ESM)

2025-03-12 Thread Gianfranco Costamagna
** Summary changed: - Fix for CVE-2025-27516 regressed jinja in Python2 on focal + Fix for CVE-2025-27516 regressed jinja in Python2 on focal and previous releases (ESM) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.la

[Bug 2102129] Re: Fix for CVE-2025-27516 regressed jinja in Python2 on focal and previous releases (ESM)

2025-03-12 Thread Gianfranco Costamagna
Setting up libpython3.8-stdlib:amd64 (3.8.10-0ubuntu1~20.04.15) ... Setting up python3.8 (3.8.10-0ubuntu1~20.04.15) ... Setting up libpython3-stdlib:amd64 (3.8.2-0ubuntu2) ... Setting up python2.7 (2.7.18-1~20.04.7) ... Setting up libpython2-stdlib:amd64 (2.7.17-2ubuntu4) ... Setting up python3 (3.

[Bug 2102129] Re: Fix for CVE-2025-27516 regressed jinja in Python2 on focal

2025-03-12 Thread Ethan Weir
I can confirm that this same import error happens on bionic (18.04 Pro) after upgrading from 2.10-1ubuntu0.18.04.1+esm3 to esm4. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2102129 Title: Fix for

[Bug 2102129] Re: Fix for CVE-2025-27516 regressed jinja in Python2 on focal

2025-03-12 Thread Thomas Ward
I don't have the ESM licenses available at the moment to license a trusty, xenial, or bionic container, as the ESM repos for trusty (legacy), xenial, and bionic have what look like patched Python 2 versions of jinja2 which I cannot test. I have confirmed this import error will happen on Ubuntu Foc

[Bug 2102129] Re: Fix for CVE-2025-27516 regressed jinja in Python2 on focal

2025-03-12 Thread Marc Deslauriers
I am making this bug public as this regression is probably hitting more than one person. ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/b