Release date:
2026-04-14 09:19:06 UTC
Description:
* SECURITY UPDATE: regex denial of service via crafted HTML
- debian/patches/CVE-2022-40897.patch: limit whitespace matching in REL regex
- CVE-2022-40897
* SECURITY UPDATE: remote code execution via command injection in VCS downloads
- debian/patches/CVE-2024-6345.patch: replace os.system with subprocess.check_call
- CVE-2024-6345
* SECURITY UPDATE: path traversal in download filename resolution
- debian/patches/CVE-2025-47273.patch: validate download filename stays within tmpdir
- CVE-2025-47273
Updated packages:
-
alt-python36-setuptools_38.5.2-10_all.deb
sha:56b6fc2f99e470309db8800489459795a2a9aaa1
-
alt-python36-setuptools-wheel_38.5.2-10_all.deb
sha:4328f4ca8d3c31d70360fff2d0d855902b8cb4fe
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
