Release date:
2026-04-28 14:01:06 UTC
Description:
* SECURITY UPDATE: zipfile quoted-overlap zip bomb
- debian/patches/CVE-2024-0450.patch: raise BadZipFile when an
archive entry overlaps with another entry or the central
directory, preventing quoted-overlap zip bombs with extreme
compression ratios.
- CVE-2024-0450
* SECURITY UPDATE: use-after-free in lzma/bz2 decompressors
- debian/patches/CVE-2026-6100.patch: null next_in at the error:
label of decompress() in Modules/_bz2module.c and
Modules/_lzmamodule.c so the decompressor cannot be re-used
with a stale buffer pointer after a MemoryError.
- CVE-2026-6100
Updated packages:
-
alt-python36_3.6.15-30_amd64.deb
sha:9ce408ddcec4df0e19954f691807aaafa14be20a
-
alt-python36-debug_3.6.15-30_amd64.deb
sha:269ac77cc1a49a4b7be85db0ebcca1e4205aa933
-
alt-python36-devel_3.6.15-30_amd64.deb
sha:32e6905f7b244b1e23c9a55045ae25d9e372cca9
-
alt-python36-libs_3.6.15-30_amd64.deb
sha:62ca190638446029d90d8d47600ca257abea6962
-
alt-python36-test_3.6.15-30_amd64.deb
sha:95aaf4fe4310394a45ccdaf61b4a048b2644bc15
-
alt-python36-tkinter_3.6.15-30_amd64.deb
sha:b80f56e3677ab4d7998814286255de2b1ca4e1b2
-
alt-python36-tools_3.6.15-30_amd64.deb
sha:d4cbd154e88c16022c5052c10e0d07df5c04bd82
-
alt-python36_3.6.15-30_arm64.deb
sha:dfb9cfc204e93fdbde948cf80fc2582360c1eefc
-
alt-python36-debug_3.6.15-30_arm64.deb
sha:8809e27e85983035ab73067e5b2ed9260fc18647
-
alt-python36-devel_3.6.15-30_arm64.deb
sha:6ccbd1b702adfc9bde2a3c5161dd4c7126638bc7
-
alt-python36-libs_3.6.15-30_arm64.deb
sha:be9b2089217d452c1f94eb357051d4266b1a912a
-
alt-python36-test_3.6.15-30_arm64.deb
sha:d4865b851125c22a7fa2a4cb4d1840d693e9a7e5
-
alt-python36-tkinter_3.6.15-30_arm64.deb
sha:ef697cea90ef44d09ca7e5a8e6d75906d8a01ca3
-
alt-python36-tools_3.6.15-30_arm64.deb
sha:77b4cef866e6863972b1970b91271204e499c4a7
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
