Severity:
('Low', ['ELSLANG-26264'])
Release date:
2026-04-17 14:51:44 UTC
Description:
* SECURITY UPDATE: command-line option injection in webbrowser.open()
- debian/patches/CVE-2026-4519.patch: reject leading dashes in
webbrowser.open() URLs to prevent command-line option injection
in browser subprocesses
- CVE-2026-4519
Updated packages:
-
alt-python36_3.6.15-29_amd64.deb
sha:95adad0b8ed8c0b2bc3e9e588dcd34d8ee6dbad1
-
alt-python36-debug_3.6.15-29_amd64.deb
sha:99ee8465094ad4f9263d5a698cf6e6c00a32d1f2
-
alt-python36-devel_3.6.15-29_amd64.deb
sha:d0421354abea540051f0810fbaf609cc2febc49a
-
alt-python36-libs_3.6.15-29_amd64.deb
sha:70562cacbecd4da0778ec97155bc36198ee44c50
-
alt-python36-test_3.6.15-29_amd64.deb
sha:8f96de9a6043af4fb3e33baa78353cac0788b408
-
alt-python36-tkinter_3.6.15-29_amd64.deb
sha:41309a90f424e132fac8a6da20c3b1335ec24441
-
alt-python36-tools_3.6.15-29_amd64.deb
sha:1ce3f3ccb102788a7b79163bccb81adf02661802
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
