Release date:
2025-10-17 13:24:30 UTC
Description:
* SECURITY UPDATE: Web cache poisoning vulnerability
- debian/patches/CVE-2021-23336.patch: fix web cache poisoning
via urllib.parse.parse_qsl and urllib.parse.parse_qs
- CVE-2021-23336
* SECURITY UPDATE: Regular expression denial of service
- debian/patches/CVE-2021-3733.patch: fix flaw in urllib’s
AbstractBasicAuthHandler that could lead to a denial of service
by leveraging a regular expression
- CVE-2021-3733
* SECURITY UPDATE: Constant-time-defeating optimisations issue
- debian/patches/CVE-2022-48566.patch: make compare_digest more
constant-time
- CVE-2022-48566
* SECURITY UPDATE: Incorrect parsing of email addresses containing special
characters
- debian/patches/CVE-2023-27043.patch: Fix email address parsing errors by
adding optional 'strict' parameter to getaddresses() and parseaddr()
functions
- CVE-2023-27043
* SECURITY UPDATE: TLS handshake bypass
- debian/patches/CVE-2023-40217.patch: Check for & avoid the ssl
pre-close flaw. Update SSL tests
- CVE-2023-40217
Updated packages:
-
alt-python27_2.7.18-8_amd64.deb
sha:09c3b5c864f24e4ccbba8c3b0e717883445ab939
-
alt-python27-debug_2.7.18-8_amd64.deb
sha:46f1f36f07ecde06092c3391c41e16a2861a106d
-
alt-python27-devel_2.7.18-8_amd64.deb
sha:fff4e273826df8ec0b0a6d4af0cdda166b6f47d3
-
alt-python27-idle_2.7.18-8_amd64.deb
sha:e1e587dcc58f0ee15b0a852745c0844b8c7c5230
-
alt-python27-libs_2.7.18-8_amd64.deb
sha:0285108096b3e1492aa7fd96f36f8e5a02e060ff
-
alt-python27-test_2.7.18-8_amd64.deb
sha:d72103ba141d97e4f01eb7b39700a3e25a47dd4f
-
alt-python27-tkinter_2.7.18-8_amd64.deb
sha:a7d2d44d0a4ebb5732d851e1b264a5b4f6f46c45
-
alt-python27-tools_2.7.18-8_amd64.deb
sha:64fbbe29dd0a26cbf192dc14ba08722cf78fd81b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
