Severity:
('Low', ['ELSLANG-26265'])
Release date:
2026-04-17 14:36:22 UTC
Description:
* SECURITY UPDATE: command-line option injection in webbrowser.open()
- debian/patches/CVE-2026-4519.patch: reject leading dashes in
webbrowser.open() URLs to prevent command-line option injection
in browser subprocesses
- CVE-2026-4519
Updated packages:
-
alt-python27_2.7.18-14_amd64.deb
sha:65b7c00c443348faf1324607080bf13244159013
-
alt-python27-debug_2.7.18-14_amd64.deb
sha:4c5815b681cca5318ce4842166cd6cba66c40e7a
-
alt-python27-devel_2.7.18-14_amd64.deb
sha:bb8ccc3134471a7943a0ae926191eef918029386
-
alt-python27-idle_2.7.18-14_amd64.deb
sha:a966c979685fa1c02258b323513c638ca9cab082
-
alt-python27-libs_2.7.18-14_amd64.deb
sha:7b9843a100ef587a6a9300a192fbe3dfb26b3dde
-
alt-python27-test_2.7.18-14_amd64.deb
sha:33326e5640f46e788aa1084c0787f61d393d7562
-
alt-python27-tkinter_2.7.18-14_amd64.deb
sha:9d75abcd3cee74812e7778b755dbea4ad6da3e1e
-
alt-python27-tools_2.7.18-14_amd64.deb
sha:f45b2b9a872640025c1187bf50aad16826231ab6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
