Release date:
2026-04-28 20:54:28 UTC
Description:
* SECURITY UPDATE: zipfile quoted-overlap zip bomb
- debian/patches/CVE-2024-0450.patch: raise BadZipFile when an
archive entry overlaps with another entry or the central
directory, preventing quoted-overlap zip bombs with extreme
compression ratios.
- CVE-2024-0450
* SECURITY UPDATE: use-after-free in lzma/bz2 decompressors
- debian/patches/CVE-2026-6100.patch: null next_in at the error:
label of decompress() in Modules/_bz2module.c and
Modules/_lzmamodule.c so the decompressor cannot be re-used
with a stale buffer pointer after a MemoryError.
- CVE-2026-6100
Updated packages:
-
alt-python36_3.6.15-30_amd64.deb
sha:cc041f9a528b8bea19de9cee959ad6a051fea52b
-
alt-python36-debug_3.6.15-30_amd64.deb
sha:6b77d88c60a853c159e2f8dc630eadc21e6ee9c7
-
alt-python36-devel_3.6.15-30_amd64.deb
sha:4f54403f4b0bf21f6777cead2c9479ffb02b8db4
-
alt-python36-libs_3.6.15-30_amd64.deb
sha:e26bc60628abe41d6974d15fa44cb7d5ce90fc1f
-
alt-python36-test_3.6.15-30_amd64.deb
sha:04ee096bef310fcd4d6cd1483b8b817f9aaf40ce
-
alt-python36-tkinter_3.6.15-30_amd64.deb
sha:1d05679fc5d0ace6c0bcf3283ed1b8fd1e381ba5
-
alt-python36-tools_3.6.15-30_amd64.deb
sha:b2f028cb3c03d210ae0651e47de38ee454bb4ff4
-
alt-python36_3.6.15-30_arm64.deb
sha:76eab5c6e976027fcea291d470e467b64a0f4d73
-
alt-python36-debug_3.6.15-30_arm64.deb
sha:c8745e0dca983737b8540413bb749a47ba2eeb77
-
alt-python36-devel_3.6.15-30_arm64.deb
sha:e52c60946a9c867eb30ae3a155a7b759bf469f94
-
alt-python36-libs_3.6.15-30_arm64.deb
sha:d2b9ba608b0b5b5cf6df9600d0866f6dfe0231b7
-
alt-python36-test_3.6.15-30_arm64.deb
sha:bf09bc5793f7ba248e7b844c418c5a391c2d78b5
-
alt-python36-tkinter_3.6.15-30_arm64.deb
sha:0b384ae63c4d44312c036d3152d2071533dfa066
-
alt-python36-tools_3.6.15-30_arm64.deb
sha:a4f8836fbd8d2890040592a71dee8c70232df7ad
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
