Release date:
2026-05-11 21:45:32 UTC
Description:
- CVE-2021-3733: fix ReDoS in urllib2 AbstractBasicAuthHandler regex; the
legacy '(?:.*,)*' prefix is replaced with the upstream-3.x form
'(?:^|,)' and the scheme charset excludes ',' to prevent quadratic
backtracking on crafted WWW-Authenticate headers
- CVE-2021-23336: stop accepting ';' as a default query-string separator
in urlparse.parse_qs/parse_qsl and cgi.parse* / FieldStorage; only '&'
is used by default, with an opt-in 'separator' kwarg for callers that
need legacy behavior
- Additional tests for CVE-2021-23336: drop obsolete legacy-';' entries
from Lib/test/test_cgi.py parse_strict_test_cases
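A check that can be run after updating to confirm the CVE-2021-23336 behaviour change. It is an added example, not part of the advisory or the packages. The sample query string and the function names are constructed for illustration, and the Python 3 import fallback is there only so the script runs on either major version.

```python
# Added example: report how the running interpreter splits query strings.
try:
    from urlparse import parse_qsl        # Python 2.7 (the package updated here)
except ImportError:
    from urllib.parse import parse_qsl    # Python 3 fallback

# Constructed sample: two parameters joined by the legacy ';' separator.
SAMPLE = "page=1;lang=en"


def default_splits_on_semicolon():
    """True if parse_qsl still treats ';' as a separator by default."""
    return len(parse_qsl(SAMPLE)) > 1


def supports_separator_kwarg():
    """True if the opt-in 'separator' keyword described above is available."""
    try:
        parse_qsl(SAMPLE, separator=";")
    except TypeError:
        return False
    return True


def parse_legacy(qs):
    """Parse a ';'-delimited query string for callers that need the old format."""
    if supports_separator_kwarg():
        return parse_qsl(qs, separator=";")
    # Interpreter without the fix: ';' is already accepted by default.
    return parse_qsl(qs)


def status():
    """Classify the interpreter as 'unpatched', 'patched' or 'unknown'."""
    if default_splits_on_semicolon():
        return "unpatched"
    return "patched" if supports_separator_kwarg() else "unknown"


if __name__ == "__main__":
    print("CVE-2021-23336 status: %s" % status())
    print("default parse: %r" % parse_qsl(SAMPLE))
    print("legacy parse : %r" % parse_legacy(SAMPLE))
```

Code that relied on ';' being split by default has to pass `separator=';'` explicitly after this update, as `parse_legacy` does.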
Updated packages:
- python-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
sha:24d0b66c5bfa495cddaa58be87dc77b4a0b92e5e5bdb54de80122c4985fb7152
- python-debug-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
sha:4c5d350f84ed33ad68628a59550717b75ba34628c2ebde4c7605c6d9b343010d
- python-devel-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
sha:9744b2230bd232bf3132543dab0fac067dffc998e485e9764293e8a7252187a6
- python-libs-2.7.5-94.0.1.el7_9.tuxcare.els8.i686.rpm
sha:06ebec3b16641bb015734310a0ff372931af26c78d822bc4162624761d599d63
- python-libs-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
sha:d0c5210c988c6ef757dfe1ee7b2e8e502e44e32887cc319e63e6ad4c70e89ba8
- python-test-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
sha:9c00647faaea9f7291bbc5d941a6436283d2fe588cada091194abdcf99fef450
- python-tools-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
sha:63a8029add26e0de629486d1781e3ec6ae24a548db7d04fcdcd2f2b3ff6c2251
- tkinter-2.7.5-94.0.1.el7_9.tuxcare.els8.x86_64.rpm
sha:dbc18bffc444528c193fd6e336c7255d60aaff0186a5e39380736b9fd467ea56
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.