ALT Linux Team

Branch p10_e2k update on 2024-03-28

2024-03-28

ALT-BU-2024-4717-1

Branch p10_e2k update bulletin.

ALT-PU-2024-4711-1

Package python3-module-pycryptodomex updated to version 3.20.0-alt1 for branch p10_e2k.

Closed bugs

Bug #49419

>= 3.19.1

ALT-PU-2024-4713-1

Package python3-module-GitPython updated to version 3.1.42-alt0.p10.1 for branch p10_e2k.

Closed bugs

Bug #49418

>= 3.1.41

ALT-PU-2024-4714-1

Package uget updated to version 2.2.3-alt2 for branch p10_e2k.

Closed bugs

Bug #37701

Нет файлов локализации.

Bug #49294

нет русской локализации в интерфейсе uget

ALT-PU-2024-4715-1

Package python3-module-jinja2 updated to version 3.0.1-alt1.p10.1 for branch p10_e2k.

Closed vulnerabilities

Published: 2024-01-10

BDU:2024-00884

Уязвимость фильтра xmlattr шаблонизатора Jinja2 для языка программирования Python, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Published: 2024-01-11
Modified: 2025-02-13

CVE-2024-22195

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:

ALT-PU-2024-4716-1

Package apt updated to version 0.5.15lorg2-alt87 for branch p10_e2k.

Closed bugs

Bug #49694

Игнорировать reason-phrase по http

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top