Severity:
('Low', ['ELSLANG-26260'])
Release date:
2026-04-17 14:44:02 UTC
Description:
* SECURITY UPDATE: command-line option injection in webbrowser.open()
- debian/patches/CVE-2026-4519.patch: reject leading dashes in
webbrowser.open() URLs to prevent command-line option injection
in browser subprocesses
- CVE-2026-4519
Updated packages:
-
alt-python36_3.6.15-29_amd64.deb
sha:3a1743cde102f70a249140809817e0c986f9565d
-
alt-python36-debug_3.6.15-29_amd64.deb
sha:ad6a5f44896220cda729e132e62efecbf8573db9
-
alt-python36-devel_3.6.15-29_amd64.deb
sha:b33b7c83182df46fa0b2357df51eb45a983433be
-
alt-python36-libs_3.6.15-29_amd64.deb
sha:7f694060f6355c655257c7ca76c7b12508e71e4a
-
alt-python36-test_3.6.15-29_amd64.deb
sha:4cc1f21fb58bd1ecd198daae01b9ce5a98a15fb9
-
alt-python36-tkinter_3.6.15-29_amd64.deb
sha:d65215f2552d112cef0ab441258f82e2257c0abe
-
alt-python36-tools_3.6.15-29_amd64.deb
sha:f5fd262b11a4ddb8b8ea897b39ee7adf98d9abc7
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
