Severity:
('Low', ['ELSLANG-26214'])
Release date:
2026-04-17 11:34:44 UTC
Description:
* SECURITY UPDATE: webbrowser.open() accepts leading dashes in URLs which
could be interpreted as command-line options by web browsers
- debian/patches/CVE-2026-4519.patch: reject URLs starting with dashes
in BaseBrowser._check_url() before passing to subprocess
- CVE-2026-4519
Updated packages:
-
alt-python39_3.9.23-10_amd64.deb
sha:6e8bc8b56f2a1f6dd0bc6d4410cae543328efa47
-
alt-python39-debug_3.9.23-10_amd64.deb
sha:1728baf490a6a7863dd63b3be38b7347deb3844c
-
alt-python39-devel_3.9.23-10_amd64.deb
sha:93d795f4219f43e86ce5fd13606c6c601d784dd8
-
alt-python39-idle_3.9.23-10_amd64.deb
sha:ca10172b5a8127b6a6f0774f7175e2729d0e3efb
-
alt-python39-libs_3.9.23-10_amd64.deb
sha:90c36ff6ad4537a183e535943d586fecc504ee11
-
alt-python39-test_3.9.23-10_amd64.deb
sha:df4e18cfc45d57dbbc6f454cb8ebc5e83d0aa126
-
alt-python39-tkinter_3.9.23-10_amd64.deb
sha:b58d2794d23002be9258669d41dbdaf792907f87
-
alt-python39_3.9.23-10_arm64.deb
sha:ea5c9bb80d89c3cd8c50d9d1a26c22d38cfb7cb5
-
alt-python39-debug_3.9.23-10_arm64.deb
sha:9ab841ab4ae37006dc83842a944d0c827a7a6cc2
-
alt-python39-devel_3.9.23-10_arm64.deb
sha:569ddca6a7510f28e296797641dc67061a846287
-
alt-python39-idle_3.9.23-10_arm64.deb
sha:b10849e03cbb9607db56c2b1840ec84c51ed5414
-
alt-python39-libs_3.9.23-10_arm64.deb
sha:9d49899748622556742eceab47e0ef443d3d1925
-
alt-python39-test_3.9.23-10_arm64.deb
sha:55a61268390685b826824e031d54dc364d3948ff
-
alt-python39-tkinter_3.9.23-10_arm64.deb
sha:8992aaf02e75ab2ef1547377bde45feb641a9eed
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
