CLSA-2026-1777946894 Fix CVE(s): CVE-2022-0391, CVE-2022-45061, CVE-2024-7592, CVE-2026-4519
SECURITY UPDATE: URL parsing accepts ASCII tab/CR/LF URL smuggling - debian/patches/CVE-2022-0391.patch: sanitise tab, CR, LF anywhere in URL/scheme inside urlsplit before cache lookup, plus regression test in Lib/urlparse.py, Lib/test/testurlparse.py. - CVE-2022-0391 SECURITY UPDATE: Quadratic...