]> git.ipfire.org Git - thirdparty/jinja.git/commit
projects / thirdparty / jinja.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5662125) | patch
Fix CVE-2014-0012
authorTomas Hoger <thoger@redhat.com>
Sun, 9 Feb 2014 08:40:59 +0000 (09:40 +0100)
committerArmin Ronacher <armin.ronacher@active-4.com>
Fri, 6 Jun 2014 16:47:51 +0000 (22:47 +0600)
commit964c61ce79f6748ff8c583e2eb12ec54082bf188
tree903263dfa1c0f6aebd387494f8b273534eb8975btree
parent5662125f794f41ac73849a95a9e572e0e5a98b4ecommit | diff
Fix CVE-2014-0012

Add checks for the per-user temporary directory.  If it already exists, make
sure that it:
- is owned by the current user
- is directory
- has expected permissions

This commit also fixes:
- nt -> n typo pointed out in the review of acb672b
- replace 448 with stat.S_IRWXU when setting directory mode

Signed-off-by: Armin Ronacher <armin.ronacher@active-4.com>
jinja2/bccache.py diff | blob | blame | history
Mirror of https://github.com/pallets/jinja.git