Release date:
2026-04-14 09:22:49 UTC
Description:
* SECURITY UPDATE: regex denial of service via crafted HTML
- debian/patches/CVE-2022-40897.patch: limit whitespace matching in REL regex
- CVE-2022-40897
* SECURITY UPDATE: remote code execution via command injection in VCS downloads
- debian/patches/CVE-2024-6345.patch: replace os.system with subprocess.check_call
- CVE-2024-6345
* SECURITY UPDATE: path traversal in download filename resolution
- debian/patches/CVE-2025-47273.patch: validate download filename stays within tmpdir
- CVE-2025-47273
Updated packages:
-
alt-python38-setuptools_58.3.0-3_all.deb
sha:b4521f1e1164c43eb27983b7e860638ddad99045
-
alt-python38-setuptools-wheel_58.3.0-3_all.deb
sha:ce9867d701d9fb343dc610c34be29324e6a4b874
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
