Hi Moritz,
> I've never used that myself either, but reading up on the documentation
> it's so full of caveats that I doubt these are really severe issues. Unless
> someone has credible claims of the contrary I'm inclined to mark these as
> no-dsa for stretch.
Thanks. We'll go for no-dsa in jessie.
On Sun, Apr 14, 2019 at 12:14:04PM +0200, Hugo Lefeuvre wrote:
> Dear Piotr, security team,
>
> I am currently working on CVE-2019-10906 and CVE-2016-10745, trying to
> decide if preparing an LTS upload for these issues is worth the trouble.
>
> These issues seem to absolutely break the jinja2 sa
Dear Piotr, security team,
I am currently working on CVE-2019-10906 and CVE-2016-10745, trying to
decide if preparing an LTS upload for these issues is worth the trouble.
These issues seem to absolutely break the jinja2 sandbox, so if sandboxes
are really used, then we should definitely fix them.