Release date:
2026-04-30 11:30:22 UTC
Description:
* SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes
- debian/patches/CVE-2026-4519-CVE-2026-4786.patch: reject URLs whose
lstrip starts with '-' in Lib/webbrowser.py; also fix bypass via
%action substitution in UnixBrowser.open().
- CVE-2026-4519
- CVE-2026-4786
Updated packages:
-
idle-python3.6_3.6.9-1~18.04ubuntu1.12+tuxcare.els21_all.deb
sha:67c3d30cfc58341c16feb06d670c2af96c99ba6a
-
libpython3.6_3.6.9-1~18.04ubuntu1.12+tuxcare.els21_amd64.deb
sha:9efeb38827e4b5510310b68d4c8de19d08ae70dc
-
libpython3.6-dev_3.6.9-1~18.04ubuntu1.12+tuxcare.els21_amd64.deb
sha:9f7ecc3cac7a9f40fc68ebdd4dfc63bcfa084e49
-
libpython3.6-minimal_3.6.9-1~18.04ubuntu1.12+tuxcare.els21_amd64.deb
sha:bf2574463ca91dd666f0ed33ef21ce55aceb204f
-
libpython3.6-stdlib_3.6.9-1~18.04ubuntu1.12+tuxcare.els21_amd64.deb
sha:596e084ca868dab93bc439dc1a8685cafe105b00
-
libpython3.6-testsuite_3.6.9-1~18.04ubuntu1.12+tuxcare.els21_all.deb
sha:cca2274bb9bc4e0275e2088ef2846a18cb2469bf
-
python3.6_3.6.9-1~18.04ubuntu1.12+tuxcare.els21_amd64.deb
sha:49ee949fc68cb950c5100e00acd8494809a99273
-
python3.6-dev_3.6.9-1~18.04ubuntu1.12+tuxcare.els21_amd64.deb
sha:4c2f08f7d48a93c1fd3db3cb18be85873ce11720
-
python3.6-doc_3.6.9-1~18.04ubuntu1.12+tuxcare.els21_all.deb
sha:90ba5e028d224dbc19853d4593bd98db3ff9f6c3
-
python3.6-examples_3.6.9-1~18.04ubuntu1.12+tuxcare.els21_all.deb
sha:07b0b38c6a8d4985cfa176e24cb9a22517ce42f5
-
python3.6-minimal_3.6.9-1~18.04ubuntu1.12+tuxcare.els21_amd64.deb
sha:cdbf0d7d1ade47a988e885672c7dd44adf109503
-
python3.6-venv_3.6.9-1~18.04ubuntu1.12+tuxcare.els21_amd64.deb
sha:e1b76011d13a422f583520a48f6c923391e7893e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
