Release date:
2025-12-08 17:26:19 UTC
Description:
* SECURITY UPDATE: ReDoS in tarfile module when parsing specially
  crafted tar archive headers
  - debian/patches/CVE-2024-6232.patch: Remove backtracking from
    tarfile header parsing
* SECURITY UPDATE: DoS due to quadratic time complexity in http.cookies
  module when parsing quoted cookie values with backslashes
  - debian/patches/CVE-2024-7592.patch: Replace iterative regex search
    with single-pass substitution to eliminate quadratic complexity
* SECURITY UPDATE: Command injection vulnerability in venv module activation
  scripts when virtual environment paths contain special shell characters
  - debian/patches/CVE-2024-9287.patch: Properly quote template
    strings in venv activation scripts
Updated packages:
- alt-python37_3.7.17-5_amd64.deb
  sha:7e09c87f5f85ed4a859acee2ce4996a4f9065ba3
- alt-python37-debug_3.7.17-5_amd64.deb
  sha:6e5d9ff859a34341b8aef1cbe1af3e31c7096b6e
- alt-python37-devel_3.7.17-5_amd64.deb
  sha:410d08ddd1a1be88ccfb7b259adcf4ccb63f5325
- alt-python37-libs_3.7.17-5_amd64.deb
  sha:f57b5c141f000f603d5eed244309e5543947e10b
- alt-python37-test_3.7.17-5_amd64.deb
  sha:eacb848b2adaeee60afe7875fc28256f942a288a
- alt-python37-tkinter_3.7.17-5_amd64.deb
  sha:9f94d8533fe441a448db2702e96df0211aa31db3
- alt-python37-tools_3.7.17-5_amd64.deb
  sha:c2c1f5b8131acdd7aeb6bb874b8a606977c746b0
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.