Ubuntu has issued an advisory on May 28: https://ubuntu.com/security/notices/USN-6787-1 The problem is fixed in 3.1.4. Mageia 9 is also affected.
Source RPM: (none) => python-jinja2-3.1.3-1.mga10.src.rpmStatus comment: (none) => Fixed upstream in 3.1.4 and patch available from upstream and UbuntuCVE: (none) => CVE-2024-34064Whiteboard: (none) => MGA9TOO
Ubuntu has issued an advisory on January 25: https://ubuntu.com/security/notices/USN-6599-1 The problem is fixed in 3.1.3. Mageia 9 is also affected.
Summary: python-jinja2 new security issue CVE-2024-34064 => python-jinja2 new security issues CVE-2024-22195 and CVE-2024-34064CVE: CVE-2024-34064 => CVE-2024-22195, CVE-2024-34064Status comment: Fixed upstream in 3.1.4 and patch available from upstream and Ubuntu => Fixed upstream in 3.1.4 and patches available from upstream and Ubuntu
Fixed both mga9 and Cauldron updating to 3.1.4 release!
CC: (none) => geiger.david68210
Assigning to QA, Package in 9/Core/Updates_testing: ===================== python3-jinja2-3.1.4-1.mga9.noarch.rpm From SRPMS: python-jinja2-3.1.4-1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)Assignee: bugsquad => qa-bugs
Keywords: (none) => advisory
RH mageia 9 x86_64 LC_ALL=C urpmi --auto --auto-update medium "QA Testing (64-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing python3-jinja2-3.1.4-1.mga9.noarch.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/1: python3-jinja2 ################################################################################################## 1/1: removing python3-jinja2-3.1.2-1.mga9.noarch ################################################################################################## Run the test referenced in bug#28461 comment#7 (after make the needed correction) python3 Descargas/jinja-test.py Hello. If you see this with no errors then it worked :)
Whiteboard: (none) => MGA9-64-OKCC: (none) => andrewsfarm
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Version: Cauldron => 9CC: (none) => dan
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0199.html
Status: NEW => RESOLVEDResolution: (none) => FIXED