Description: | Jinja2 is a template engine written in pure Python. It provides a Django-inspired, non-XML syntax but supports inline expressions and an optional sandboxed environment. It was discovered that Jinja2 did not properly handle bytecode cache files stored in the system's temporary directory. A local attacker could use this flaw to alter the output of an application using Jinja2 and FileSystemBytecodeCache, and potentially execute arbitrary code with the privileges of that application. (CVE-2014-1402) All python-jinja2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications using python-jinja2 must be restarted. |
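As an added example (not part of the advisory and not the Jinja2 patch itself), the following standard-library Python shows one way an application can keep `FileSystemBytecodeCache` files out of a shared temporary directory and check an existing cache directory for files another local user could have written. The function names and the `jinja2-cache-<uid>` directory name are assumptions made for illustration; `__jinja2_%s.cache` is Jinja2's default cache file pattern, and a POSIX system is assumed.

```python
import os
import stat

# Jinja2's default FileSystemBytecodeCache pattern is "__jinja2_%s.cache".
CACHE_PREFIX, CACHE_SUFFIX = "__jinja2_", ".cache"


def private_cache_dir(base):
    """Create or validate a per-user, mode-0700 bytecode cache directory."""
    # Directory name is an assumption chosen for this example.
    path = os.path.join(base, "jinja2-cache-%d" % os.getuid())
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # may have been pre-created by someone else: validate below
    st = os.lstat(path)  # lstat so a planted symlink is not followed
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError("%s is not a real directory" % path)
    if st.st_uid != os.getuid():
        raise RuntimeError("%s is owned by uid %d" % (path, st.st_uid))
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise RuntimeError("%s is accessible to group/other" % path)
    return path


def suspicious_cache_files(directory):
    """Return cache file names that another local user could have
    created or modified (wrong owner, not a regular file, or writable
    by group/other)."""
    flagged = []
    for name in sorted(os.listdir(directory)):
        if not (name.startswith(CACHE_PREFIX) and name.endswith(CACHE_SUFFIX)):
            continue
        st = os.lstat(os.path.join(directory, name))
        if (not stat.S_ISREG(st.st_mode)
                or st.st_uid != os.getuid()
                or stat.S_IMODE(st.st_mode) & 0o022):
            flagged.append(name)
    return flagged
```

The returned path can be passed as the `directory` argument of `jinja2.FileSystemBytecodeCache`; this complements, and does not replace, installing the updated packages.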