Release date:
2026-04-28 17:05:11 UTC
Description:
* SECURITY UPDATE: zipfile quoted-overlap zip bomb
- debian/patches/CVE-2024-0450.patch: raise BadZipFile when an
archive entry overlaps with another entry or the central
directory, preventing quoted-overlap zip bombs with extreme
compression ratios.
- CVE-2024-0450
* SECURITY UPDATE: use-after-free in lzma/bz2 decompressors
- debian/patches/CVE-2026-6100.patch: null next_in at the error:
label of decompress() in Modules/_bz2module.c and
Modules/_lzmamodule.c so the decompressor cannot be re-used
with a stale buffer pointer after a MemoryError.
- CVE-2026-6100
Updated packages:
-
alt-python37_3.7.17-16_amd64.deb
sha:507f5dbd0b8e0be287ffbbaba77b0330473bc88d
-
alt-python37-debug_3.7.17-16_amd64.deb
sha:f6b7488a44b18178d80cd5e46b8a369d1e1ab87a
-
alt-python37-devel_3.7.17-16_amd64.deb
sha:d27de875b6f8ec0e80d9cc85fe899788dcb36885
-
alt-python37-libs_3.7.17-16_amd64.deb
sha:ccebbd270d334e278ee4599aefd957d67d9c95a2
-
alt-python37-test_3.7.17-16_amd64.deb
sha:e2858ef8bcaade5919710bcafef5940a5ffbac71
-
alt-python37-tkinter_3.7.17-16_amd64.deb
sha:b3540419e97909f4b6b4183e9040e681db2dc12c
-
alt-python37-tools_3.7.17-16_amd64.deb
sha:1a5268bd030fbf9c1e9b7c9bc878064a08081646
-
alt-python37_3.7.17-16_arm64.deb
sha:f4a7d796aa71cdb4f537ec222fa7810bf9fcf078
-
alt-python37-debug_3.7.17-16_arm64.deb
sha:37a6c71532b88871e4a553519c7164b2058d3d2f
-
alt-python37-devel_3.7.17-16_arm64.deb
sha:1dc21bbc981f47a12e93d39c7ccc24e6a747503b
-
alt-python37-libs_3.7.17-16_arm64.deb
sha:3a1ef7204c02be6d5a18b7d199ea1818534ca905
-
alt-python37-test_3.7.17-16_arm64.deb
sha:d756c46e4dc846c6171e4987749d57fe15c0f0a5
-
alt-python37-tkinter_3.7.17-16_arm64.deb
sha:38aafdf7f0552c16ec0e44cb4b9cef732dc59d98
-
alt-python37-tools_3.7.17-16_arm64.deb
sha:b0f6b421acef604ea20e5a297eedfe69cb07cb2f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
