Severity:
('Low', ['ELSLANG-26250'])
Release date:
2026-04-17 10:17:17 UTC
Description:
* SECURITY UPDATE: command-line option injection in webbrowser.open()
- debian/patches/CVE-2026-4519.patch: reject leading dashes in
webbrowser.open() URLs to prevent command-line option injection
in browser subprocesses
- CVE-2026-4519
Updated packages:
-
alt-python36_3.6.15-29_amd64.deb
sha:a84545b4646714233e61b883a3f8d9f7e3126660
-
alt-python36-debug_3.6.15-29_amd64.deb
sha:ef7c61d4465c374ca15be78cc1f624db7acb69c6
-
alt-python36-devel_3.6.15-29_amd64.deb
sha:bd1ae71b81653297aa960e6274b51dbfe145bd7c
-
alt-python36-libs_3.6.15-29_amd64.deb
sha:39fb1adbbaf28d518fa51e5816b24fb8117337d5
-
alt-python36-test_3.6.15-29_amd64.deb
sha:3fcc14ed3baf9cf019e00c7fd6fdf8ce8032c51a
-
alt-python36-tkinter_3.6.15-29_amd64.deb
sha:20327a7410dd9848f0ab69f33cccdc3f85d8bb11
-
alt-python36-tools_3.6.15-29_amd64.deb
sha:41b53aa67c66d17d1e6a0a8b3525b641c52af8b4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
