python security update

CentOS Errata and Security Advisory CESA-2014:0747

Jinja2 is a template engine written in pure Python. It provides a
Django-inspired, non-XML syntax but supports inline expressions and an
optional sandboxed environment.

It was discovered that Jinja2 did not properly handle bytecode cache files
stored in the system’s temporary directory. A local attacker could use this
flaw to alter the output of an application using Jinja2 and
FileSystemBytecodeCache, and potentially execute arbitrary code with the
privileges of that application. (CVE-2014-1402)

All python-jinja2 users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. For the update to
take effect, all applications using python-jinja2 must be restarted.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-June/082529.html

Affected packages:
python-jinja2

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:0747