Severity:
('Low', ['ELSLANG-26209'])
Release date:
2026-04-17 11:30:12 UTC
Description:
* SECURITY UPDATE: webbrowser.open() accepts leading dashes in URLs which
could be interpreted as command-line options by web browsers
- debian/patches/CVE-2026-4519.patch: reject URLs starting with dashes
in BaseBrowser._check_url() before passing to subprocess
- CVE-2026-4519
Updated packages:
-
alt-python39_3.9.23-10_amd64.deb
sha:d616b90c7e6650a03133c2889ccd83b23c550c2b
-
alt-python39-debug_3.9.23-10_amd64.deb
sha:1728baf490a6a7863dd63b3be38b7347deb3844c
-
alt-python39-devel_3.9.23-10_amd64.deb
sha:00bb37fed4701fe50dc244773398fd0ce0d99b4b
-
alt-python39-idle_3.9.23-10_amd64.deb
sha:59744a4c24f8d48b1613c359d6489f7405cd98e6
-
alt-python39-libs_3.9.23-10_amd64.deb
sha:a87c07414349961adfc85ff5ecd4720a9a7d9ac0
-
alt-python39-test_3.9.23-10_amd64.deb
sha:83ca6e327c9929c76e45d66cd529a1e3acf863c5
-
alt-python39-tkinter_3.9.23-10_amd64.deb
sha:fd48d69407933dcf60e2247f9420ec2017dda26d
-
alt-python39_3.9.23-10_arm64.deb
sha:820ee5aa448098b7437625201b7b2fbbaf548dc9
-
alt-python39-debug_3.9.23-10_arm64.deb
sha:9ab841ab4ae37006dc83842a944d0c827a7a6cc2
-
alt-python39-devel_3.9.23-10_arm64.deb
sha:bd62d7e58d3bf5ce69a145af55d025da4da28495
-
alt-python39-idle_3.9.23-10_arm64.deb
sha:bcef49d0c65a947624009c73e7bfcae7860db5d5
-
alt-python39-libs_3.9.23-10_arm64.deb
sha:120602179a93693c87c8b9089fb0181894a9004c
-
alt-python39-test_3.9.23-10_arm64.deb
sha:824993267472a538204b5db777f0e9bf5892359e
-
alt-python39-tkinter_3.9.23-10_arm64.deb
sha:ec62efc33191ca05f69f8884eb3bf0efe1a1d808
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
