Severity:
('Low', ['ELSLANG-26261'])
Release date:
2026-04-17 14:28:40 UTC
Description:
* SECURITY UPDATE: command-line option injection in webbrowser.open()
- debian/patches/CVE-2026-4519.patch: reject leading dashes in
webbrowser.open() URLs to prevent command-line option injection
in browser subprocesses
- CVE-2026-4519
Updated packages:
-
alt-python27_2.7.18-14_amd64.deb
sha:38f0569997eb0def2796adaf77b2f1c46a1c5b8b
-
alt-python27-debug_2.7.18-14_amd64.deb
sha:c6053140f3ac4562a9bfd5c6a9e650f7bcdd8f00
-
alt-python27-devel_2.7.18-14_amd64.deb
sha:2b596a2bcc65892f1e2f855f461e35492cc93159
-
alt-python27-idle_2.7.18-14_amd64.deb
sha:eaa506917d39a76cc060ab748915a338074e7907
-
alt-python27-libs_2.7.18-14_amd64.deb
sha:d6f899f879993c8dd74c8a609c716025f76701fe
-
alt-python27-test_2.7.18-14_amd64.deb
sha:0f0ae3cee7ca2bce189e3bfd1192d81372600e12
-
alt-python27-tkinter_2.7.18-14_amd64.deb
sha:b838e362e0996ae5b791184336e28bc151ef0ce4
-
alt-python27-tools_2.7.18-14_amd64.deb
sha:ca8c5f2b7a94d9ddedb5f6fbbdd4799f3f466c86
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
