Severity:
('Low', ['ELSLANG-26213'])
Release date:
2026-04-17 09:18:50 UTC
Description:
* SECURITY UPDATE: webbrowser.open() allows command-line option injection
via URLs with leading dashes
- debian/patches/CVE-2026-4519.patch: reject leading dashes in
webbrowser.open() URLs to prevent command-line option injection in
browser subprocesses
- CVE-2026-4519
Updated packages:
-
alt-python38_3.8.20-12_amd64.deb
sha:ce1126494a499077f9fa74069e03b3e788b7c1fa
-
alt-python38-debug_3.8.20-12_amd64.deb
sha:f1030e0718e7f1654c6bcc40d9ebc5e7259b93b5
-
alt-python38-devel_3.8.20-12_amd64.deb
sha:80eae576634113ecfb5e79e670a8a0dc240c53b1
-
alt-python38-idle_3.8.20-12_amd64.deb
sha:0af876ceee3a14d6788734034f431ed2ad4b6957
-
alt-python38-libs_3.8.20-12_amd64.deb
sha:a69922784558aadeb684ed82a4a7fe4285ec3d0b
-
alt-python38-test_3.8.20-12_amd64.deb
sha:80004f100f32b3a4844b283f28cece3b829f8372
-
alt-python38-tkinter_3.8.20-12_amd64.deb
sha:b6eeb7ed4623fe1de46dbd5f0676596f2df7cada
-
alt-python38_3.8.20-12_arm64.deb
sha:1baacad6b72457dee7f3e32ae104619d98d81ca3
-
alt-python38-debug_3.8.20-12_arm64.deb
sha:5a2501654e80feac23f61c5887848e3e231fb207
-
alt-python38-devel_3.8.20-12_arm64.deb
sha:69ee6e0fd4b320cf5730a1efb1ee7c9d8a1de0a2
-
alt-python38-idle_3.8.20-12_arm64.deb
sha:826a6dbb4cbd131ee02173bdb81373774d24f91a
-
alt-python38-libs_3.8.20-12_arm64.deb
sha:5a10b00c764f17decdb390d9577cceea90b674b6
-
alt-python38-test_3.8.20-12_arm64.deb
sha:3700fc846c68af531a81b32818b4121d824cf010
-
alt-python38-tkinter_3.8.20-12_arm64.deb
sha:63d7f3f811ebc15bffdca07e6ab617e3477e7264
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
