Severity:
('Low', ['ELSLANG-26262'])
Release date:
2026-04-17 14:47:42 UTC
Description:
* SECURITY UPDATE: command-line option injection in webbrowser.open()
- debian/patches/CVE-2026-4519.patch: reject leading dashes in
webbrowser.open() URLs to prevent command-line option injection
in browser subprocesses
- CVE-2026-4519
Updated packages:
-
alt-python36_3.6.15-29_amd64.deb
sha:34579677d43f850d01d3d8bf595b9fb6d84cc4bd
-
alt-python36-debug_3.6.15-29_amd64.deb
sha:4f2ef019798dde96f9e9b39beecfc4b73fffecb6
-
alt-python36-devel_3.6.15-29_amd64.deb
sha:820510681ae946c00408dffc6a60ac55421b16fb
-
alt-python36-libs_3.6.15-29_amd64.deb
sha:06e5a54083b4f76abea208940a9e81b1853f0447
-
alt-python36-test_3.6.15-29_amd64.deb
sha:c116526b887066096c61c557d09d453f09e4b58a
-
alt-python36-tkinter_3.6.15-29_amd64.deb
sha:554d5443550a1360b895be155a351807204abc53
-
alt-python36-tools_3.6.15-29_amd64.deb
sha:c7d20376c7e54f34d7a3bfb63927357d4fd215aa
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
