Release date:
2026-04-30 11:27:43 UTC
Description:
* SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes
- debian/patches/CVE-2026-4519-CVE-2026-4786.patch: reject URLs whose
lstrip starts with '-' in Lib/webbrowser.py; also fix bypass via
%action substitution in UnixBrowser.open().
- CVE-2026-4519
- CVE-2026-4786
Updated packages:
-
idle-python3.5_3.5.2-2ubuntu0~16.04.13+tuxcare.els24_all.deb
sha:9ca99252eafacd3fadcfbe5503233db70697c815
-
libpython3.5_3.5.2-2ubuntu0~16.04.13+tuxcare.els24_amd64.deb
sha:30e6b2acf9fe93225243951975561fe945815c12
-
libpython3.5-dev_3.5.2-2ubuntu0~16.04.13+tuxcare.els24_amd64.deb
sha:3f00a8c14df3ead4577e1d8cdc6e6574734070db
-
libpython3.5-minimal_3.5.2-2ubuntu0~16.04.13+tuxcare.els24_amd64.deb
sha:831b7dcd1f9bd570fa39dc9698e684230df56f5d
-
libpython3.5-stdlib_3.5.2-2ubuntu0~16.04.13+tuxcare.els24_amd64.deb
sha:2d0ff79d8a424973c72ca2424ae7278e5235d992
-
libpython3.5-testsuite_3.5.2-2ubuntu0~16.04.13+tuxcare.els24_all.deb
sha:471761bd0bf65cb7b3553e238665f817fa5f0b3d
-
python3.5_3.5.2-2ubuntu0~16.04.13+tuxcare.els24_amd64.deb
sha:6aa35d12e4df7806a5f6dc6acfc35b8780667ff8
-
python3.5-dev_3.5.2-2ubuntu0~16.04.13+tuxcare.els24_amd64.deb
sha:bb5a0fca387357a90b04661c323b13bbdfab9816
-
python3.5-doc_3.5.2-2ubuntu0~16.04.13+tuxcare.els24_all.deb
sha:8ac3a561cce229e19342737410f19437fb580fb0
-
python3.5-examples_3.5.2-2ubuntu0~16.04.13+tuxcare.els24_all.deb
sha:6a7e9d2f2339c6e1815dea2c4b296a4623e3e642
-
python3.5-minimal_3.5.2-2ubuntu0~16.04.13+tuxcare.els24_amd64.deb
sha:8c1d6f76de5f7727c4c0b55070064bd2e0d79a25
-
python3.5-venv_3.5.2-2ubuntu0~16.04.13+tuxcare.els24_amd64.deb
sha:fdcf14fef2d93103d387b9d772c685e06437f461
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
