Severity:
('Low', ['ELSLANG-26248'])
Release date:
2026-04-17 10:13:17 UTC
Description:
* SECURITY UPDATE: command-line option injection in webbrowser.open()
- debian/patches/CVE-2026-4519.patch: reject leading dashes in
webbrowser.open() URLs to prevent command-line option injection
in browser subprocesses
- CVE-2026-4519
Updated packages:
-
alt-python36_3.6.15-29_amd64.deb
sha:4c1d96c982dec53939b443f34a8ae9bcd1b3133f
-
alt-python36-debug_3.6.15-29_amd64.deb
sha:74b95b6a853adfda77849234702e30b60e187d09
-
alt-python36-devel_3.6.15-29_amd64.deb
sha:67502b2febd3b355ad1faabe2a657bc0de10a314
-
alt-python36-libs_3.6.15-29_amd64.deb
sha:4a84f59ca227982f0eff04bc469dd7dc29f503dd
-
alt-python36-test_3.6.15-29_amd64.deb
sha:198adc6a4b0aa52340c05b06079530a5c31c08ea
-
alt-python36-tkinter_3.6.15-29_amd64.deb
sha:dafb092602081769e4916115eaa2c423c036b7b0
-
alt-python36-tools_3.6.15-29_amd64.deb
sha:1d136ae368788e4099f953363625659bc7f7edd6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
