Release date:
2025-12-08 17:28:39 UTC
Description:
* SECURITY UPDATE: ReDoS in tarfile module when parsing specially crafted tar archive headers
  - debian/patches/CVE-2024-6232.patch: Remove backtracking from tarfile header parsing
* SECURITY UPDATE: DoS due to quadratic time complexity in http.cookies module when parsing quoted cookie values with backslashes
  - debian/patches/CVE-2024-7592.patch: Replace iterative regex search with single-pass substitution to eliminate quadratic complexity
* SECURITY UPDATE: Command injection vulnerability in venv module activation scripts when virtual environment paths contain special shell characters
  - debian/patches/CVE-2024-9287.patch: Properly quote template strings in venv activation scripts
Updated packages:
- alt-python37_3.7.17-5_amd64.deb
  sha:35cf2cb86377f3314a7e67c624f2f27a0c9c27e9
- alt-python37-debug_3.7.17-5_amd64.deb
  sha:49a3e0125832a844fe6ef555108821fb517cc544
- alt-python37-devel_3.7.17-5_amd64.deb
  sha:a16096907afc12dbcef8f3561feef6bfd7592412
- alt-python37-libs_3.7.17-5_amd64.deb
  sha:c798cdfa54e547e61020aa2f69cf61d84c1c72f8
- alt-python37-test_3.7.17-5_amd64.deb
  sha:e3dea531903f4bacd94f26eabbda9c6481f5d7d3
- alt-python37-tkinter_3.7.17-5_amd64.deb
  sha:8fda444354523ff94b9eb9f45d91a5b21054125a
- alt-python37-tools_3.7.17-5_amd64.deb
  sha:4eb018fa8b107fcc79fddf3435be09e3583f6679
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections, please contact the CloudLinux Packaging Team.