Severity:
('Low', ['ELSLANG-26263'])
Release date:
2026-04-17 14:32:40 UTC
Description:
* SECURITY UPDATE: command-line option injection in webbrowser.open()
- debian/patches/CVE-2026-4519.patch: reject leading dashes in
webbrowser.open() URLs to prevent command-line option injection
in browser subprocesses
- CVE-2026-4519
Updated packages:
-
alt-python27_2.7.18-14_amd64.deb
sha:8edbcedbf4aed8577596220e4ee33557c1336eaf
-
alt-python27-debug_2.7.18-14_amd64.deb
sha:7d3c2c4d5def6aac723cd1c7d3ce7de7e6d61480
-
alt-python27-devel_2.7.18-14_amd64.deb
sha:955763a35b6090a2c9cbe7ba3b42d2cefa93b543
-
alt-python27-idle_2.7.18-14_amd64.deb
sha:eaa506917d39a76cc060ab748915a338074e7907
-
alt-python27-libs_2.7.18-14_amd64.deb
sha:664f3fae53444a24963ae1331df8248b9c21cd39
-
alt-python27-test_2.7.18-14_amd64.deb
sha:23101d2a062d39e2c4faacc20f021ea203e88011
-
alt-python27-tkinter_2.7.18-14_amd64.deb
sha:46b4f6a05f71bba7c5f04f57f0514359e7041992
-
alt-python27-tools_2.7.18-14_amd64.deb
sha:ca8c5f2b7a94d9ddedb5f6fbbdd4799f3f466c86
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
