Release date:
2026-05-11 13:14:21 UTC
Description:
- CVE-2021-3733: fix ReDoS in urllib2 AbstractBasicAuthHandler regex; the
legacy '(?:.*,)*' prefix is replaced with the upstream-3.x form
'(?:^|,)' and the scheme charset excludes ',' to prevent quadratic
backtracking on crafted WWW-Authenticate headers
- CVE-2021-23336: stop accepting ';' as a default query-string separator
in urlparse.parse_qs/parse_qsl and cgi.parse* / FieldStorage; only '&'
is used by default, with an opt-in 'separator' kwarg for callers that
need legacy behavior
- Additional tests for CVE-2021-23336: drop obsolete legacy-';' entries
from Lib/test/test_cgi.py parse_strict_test_cases
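To see which requests an application will parse differently once the CVE-2021-23336 change above is installed, the added example below (not part of this erratum or of CPython) compares the legacy '&'-and-';' splitting with the '&'-only default. The function names and sample request targets are constructed for illustration; the code runs on Python 2.7 and Python 3.

```python
# Added example; runs on Python 2.7 (urlparse) and Python 3 (urllib.parse).
try:
    from urlparse import parse_qsl, urlsplit        # Python 2.7
except ImportError:
    from urllib.parse import parse_qsl, urlsplit    # Python 3

# Constructed request targets standing in for access-log entries.
SAMPLE_REQUESTS = [
    "/search?q=tea&page=2",
    "/report?from=2020;to=2021",
    "/item?id=7&tags=a;b",
]


def has_separator_fix():
    """True if this interpreter no longer splits on ';' by default."""
    return parse_qsl("x=1;y=2") == [("x", "1;y=2")]


def legacy_parse(qs):
    """Pairs as the pre-fix default produced them: split on '&' and ';'."""
    return parse_qsl(qs.replace(";", "&"))


def fixed_parse(qs):
    """Pairs as the fixed default produces them: split on '&' only.

    Escaping ';' first gives the same result on patched and unpatched builds.
    """
    return parse_qsl(qs.replace(";", "%3B"))


def audit(requests):
    """Return (request, lost_names) for requests that parse differently."""
    findings = []
    for req in requests:
        qs = urlsplit(req).query
        old, new = legacy_parse(qs), fixed_parse(qs)
        if old != new:
            kept = set(name for name, _ in new)
            lost = sorted(set(name for name, _ in old) - kept)
            findings.append((req, lost))
    return findings


if __name__ == "__main__":
    print("separator fix present: %s" % has_separator_fix())
    for req, lost in audit(SAMPLE_REQUESTS):
        print("%s -> no longer seen: %s" % (req, lost or "none (values change)"))
```

Requests reported with lost names are the ones whose handlers need the opt-in 'separator' kwarg or a client-side change to '&'.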
Updated packages:
- python-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
sha:967c001c80080caa58f0d884e7e5316902a4b6c0bbee48e94329d37c17597fad
- python-debug-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
sha:8702dfc98b4427c937ead0825736aff49ebaa16736300fe21e1908806627301b
- python-devel-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
sha:f5a9564b5893fda29edb49429eabfab31204746bfb340dfc6d4d44074a412159
- python-libs-2.7.5-94.0.1.el7_9.tuxcare.els8.i686.rpm
sha:2e00d091eb34fa5440e7b5d74bc0567643c9903b83a211e984acd634e3150bde
- python-libs-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
sha:4e228b4d1ecfad6608504cb9c07ebc3decbede5e50bbaa3b0562331f44382566
- python-test-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
sha:73267c0e98123eced160626f11a4ecfd6ac14fb250f34f45148b71d1c0b22280
- python-tools-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
sha:e8647b8066f8ed6839bcbb6f56688623d8e5f6b7692e13e01fe283e773e09655
- tkinter-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
sha:8f57bb489bee0c7f2b3a0a7df74d1f5f13c275dc689ed38bb201f857363875ad
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.