5 matches found
CLSA-2026-1777998709 python2: Fix of 3 CVEs
CVE-2025-8194: validate that tarfile member offsets are non-negative to prevent infinite loop / DoS during parsing of malicious tar archives - CVE-2026-4519: reject URLs with leading dashes in webbrowser.open to prevent injection of command-line options into spawned browser process -...
CLSA-2026-1777946871 python: Fix of CVE-2026-4519
CVE-2026-4519: reject leading dashes in webbrowser URLs that could be treated as command-line options by external browsers; also close a %action-substitution bypass of the check in UnixBrowser.open...
CLSA-2026-1777946712 python: Fix of CVE-2026-4519
CVE-2026-4519: reject leading dashes in webbrowser URLs that could be treated as command-line options by external browsers; also close a %action-substitution bypass of the check in UnixBrowser.open...
CLSA-2026-1777884819 python3.9: Fix of CVE-2026-4786
CVE-2026-4786: fix webbrowser %action substitution bypass of the dash-prefix safety check by validating the post-substitution URL and expanding %action before %s in UnixBrowser argument assembly...
CLSA-2026-1777454964 python: Fix of 2 CVEs
CVE-2026-4519: reject webbrowser.open URLs with a leading dash to prevent CLI option injection into the spawned browser process - CVE-2026-4786: validate URLs after %action substitution and swap the substitution order in UnixBrowser.open to close a bypass of the CVE-2026-4519 dash-prefix check...