CLSA-2026-1777545539

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1777545539.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1777545539
Upstream
  • CVE-2026-4519
Published
2026-04-30T10:39:04Z
Modified
2026-06-04T10:03:57.711763229Z
Summary
Fix of 6 CVEs
Details
  • SECURITY UPDATE: fix quadratic complexity in http cookie parsing with backslash escapes
    • debian/patches/CVE-2024-7592.patch: fix quadratic complexity in http cookie parsing with backslash escapes
    • CVE-2024-7592
  • SECURITY UPDATE: reject leading dashes in webbrowser URLs and %action substitution bypass
    • debian/patches/CVE-2026-4519.patch: reject leading dashes in webbrowser URLs and %action substitution bypass
    • CVE-2026-4519
  • SECURITY UPDATE: fix quadratic complexity in os.path.expandvars()
    • debian/patches/CVE-2025-6075.patch: fix quadratic complexity in os.path.expandvars()
    • CVE-2025-6075
  • SECURITY UPDATE: remove quadratic behavior in xml.dom.minidom node id-cache clearing
    • debian/patches/CVE-2025-12084.patch: remove quadratic behavior in xml.dom.minidom node id-cache clearing
    • CVE-2025-12084
  • SECURITY UPDATE: remove backtracking when parsing tarfile PAX headers
    • debian/patches/CVE-2024-6232.patch: remove backtracking when parsing tarfile PAX headers
    • CVE-2024-6232
  • SECURITY UPDATE: reject malformed addresses in email.utils.parseaddr / getaddresses
    • debian/patches/CVE-2023-27043.patch: reject malformed addresses in email.utils.parseaddr / getaddresses
    • CVE-2023-27043
References

Affected packages

TuxCare:Debian:10
idle-python2.7

Package

Name
idle-python2.7
Purl
pkg:deb/tuxcare/idle-python2.7?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.7.16-2+deb10u4+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1777545539.json"
libpython2.7

Package

Name
libpython2.7
Purl
pkg:deb/tuxcare/libpython2.7?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.7.16-2+deb10u4+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1777545539.json"
libpython2.7-dev

Package

Name
libpython2.7-dev
Purl
pkg:deb/tuxcare/libpython2.7-dev?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.7.16-2+deb10u4+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1777545539.json"
libpython2.7-minimal

Package

Name
libpython2.7-minimal
Purl
pkg:deb/tuxcare/libpython2.7-minimal?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.7.16-2+deb10u4+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1777545539.json"
libpython2.7-stdlib

Package

Name
libpython2.7-stdlib
Purl
pkg:deb/tuxcare/libpython2.7-stdlib?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.7.16-2+deb10u4+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1777545539.json"
libpython2.7-testsuite

Package

Name
libpython2.7-testsuite
Purl
pkg:deb/tuxcare/libpython2.7-testsuite?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.7.16-2+deb10u4+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1777545539.json"
python2.7

Package

Name
python2.7
Purl
pkg:deb/tuxcare/python2.7?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.7.16-2+deb10u4+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1777545539.json"
python2.7-dev

Package

Name
python2.7-dev
Purl
pkg:deb/tuxcare/python2.7-dev?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.7.16-2+deb10u4+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1777545539.json"
python2.7-doc

Package

Name
python2.7-doc
Purl
pkg:deb/tuxcare/python2.7-doc?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.7.16-2+deb10u4+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1777545539.json"
python2.7-examples

Package

Name
python2.7-examples
Purl
pkg:deb/tuxcare/python2.7-examples?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.7.16-2+deb10u4+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1777545539.json"
python2.7-minimal

Package

Name
python2.7-minimal
Purl
pkg:deb/tuxcare/python2.7-minimal?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.7.16-2+deb10u4+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1777545539.json"