2 matches found
CLSA-2026-1777944042 Fix CVE(s): CVE-2025-8194, CVE-2026-4519, CVE-2026-4786
SECURITY UPDATE: tarfile DoS via negative member offsets - debian/patches/CVE-2025-8194.patch: validate that member offsets are non-negative in Lib/tarfile.py. - CVE-2025-8194 SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes - debian/patches/CVE-2026-4519-CVE-2026-4786.patch:...
CLSA-2025-1760711358 Fix CVE(s): CVE-2024-38474, CVE-2024-38475
SECURITY UPDATE: modrewrite proxy handler substitution and prefixstat vulnerabilities - debian/patches/CVE-2024-38474-38475-.patch: tighten up prefixstat and %3f handling, add better question mark tracking to avoid UnsafeAllow3F - CVE-2024-38474, CVE-2024-38475...