Severity:
('Low', ['ELSLANG-26208'])
Release date:
2026-04-17 09:14:00 UTC
Description:
* SECURITY UPDATE: webbrowser.open() allows command-line option injection
via URLs with leading dashes
- debian/patches/CVE-2026-4519.patch: reject leading dashes in
webbrowser.open() URLs to prevent command-line option injection in
browser subprocesses
- CVE-2026-4519
Updated packages:
-
alt-python38_3.8.20-12_amd64.deb
sha:228893390fb33b660e652baed7b20888ab1181ad
-
alt-python38-debug_3.8.20-12_amd64.deb
sha:01abce4327f88b8c4184d7fe51b3d9109d6185a0
-
alt-python38-devel_3.8.20-12_amd64.deb
sha:5c6e2f4d1c7ccc26191eb1d4264ea416631b343c
-
alt-python38-idle_3.8.20-12_amd64.deb
sha:9f928b0852410bbe2e745128b81d9226e3c8d9ba
-
alt-python38-libs_3.8.20-12_amd64.deb
sha:3cce037978c4f36fee6c729e2928b0f8af52fa4b
-
alt-python38-test_3.8.20-12_amd64.deb
sha:680019292788123b1ef0aa9a5aa5342dde0117a4
-
alt-python38-tkinter_3.8.20-12_amd64.deb
sha:9f8cfa7306c4a06fdda1126dbda993d318517cd6
-
alt-python38_3.8.20-12_arm64.deb
sha:775bdb781cc00d47777a0f5b0dccd5369fa0f5fe
-
alt-python38-debug_3.8.20-12_arm64.deb
sha:c5059852ece9d616add39ea5aa501c9227e67203
-
alt-python38-devel_3.8.20-12_arm64.deb
sha:99ad5673d3df0731cc3643d9b1846fbbbd071a04
-
alt-python38-idle_3.8.20-12_arm64.deb
sha:0fda4471e98562d503238f038e7339708eecace4
-
alt-python38-libs_3.8.20-12_arm64.deb
sha:24b91e212a02d9fc3e546313f1e0e23812fb1bcb
-
alt-python38-test_3.8.20-12_arm64.deb
sha:9054c1be911667b1545d11f33e9f20a412ba17c1
-
alt-python38-tkinter_3.8.20-12_arm64.deb
sha:95cf00544ee8c11a2be2bb465b9b99a1731a4585
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
