CVE-2014-1402 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1402): The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp. CVE-2014-0012 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0012): FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.
*** This bug has been marked as a duplicate of bug 497690 ***