CLSA-2026-1778979189

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1778979189.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1778979189

Upstream

CVE-2024-6232

CVE-2024-7592

CVE-2024-9287

Published

2026-05-17T00:53:13Z

Modified

2026-06-04T09:45:29.935599991Z

Summary

Fix CVE(s): CVE-2024-6232, CVE-2024-7592, CVE-2024-9287

Details

SECURITY UPDATE: ReDoS in tarfile PAX header parsing
- debian/patches/CVE-2024-6232.patch: rewrite Lib/tarfile.py PAX-record parser to scan length-prefixed records via a bounded regex (headerlengthprefixre) plus direct slicing, eliminating quadratic backtracking in three pre-existing regexes. Adapted from upstream commit 7d1f50cd (3.8 backport); walrus operator rewritten as assign-then-test for Python 3.7.
- CVE-2024-6232
SECURITY UPDATE: quadratic complexity in http.cookies._unquote
- debian/patches/CVE-2024-7592.patch: replace the O(n^2) _OctalPatt/_QuotePatt while-loop in Lib/http/cookies.py with a single linear re.sub() driven by an alternation pattern and unquotereplace callback. Verbatim from upstream commit 44e45835 / 3.8 backport a77ab244.
- CVE-2024-7592
SECURITY UPDATE: shell injection via venv activation script substitutions
- debian/patches/CVE-2024-9287.patch: shell-quote VENV*_ placeholder substitutions in Lib/venv/init.py via shlex.quote (sh/csh/fish) and remove surrounding double-quotes from activate/activate.csh/activate.fish templates so the now-pre-quoted values splice safely. Adapted from upstream 3.9 backport 633555735a; Lib/venv/scripts/nt/Activate.ps1 deliberately untouched (matches upstream 3.9-3.12 backport scope).
- CVE-2024-9287

References

https://errata.tuxcare.com/els_os/debian10els/CLSA-2026-1778979189.html

Affected packages

TuxCare:Debian:10

idle-python3.7

Package

Name: idle-python3.7
Purl: pkg:deb/tuxcare/idle-python3.7?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-2+deb10u7+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1778979189.json"

libpython3.7

Package

Name: libpython3.7
Purl: pkg:deb/tuxcare/libpython3.7?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-2+deb10u7+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1778979189.json"

libpython3.7-dev

Package

Name: libpython3.7-dev
Purl: pkg:deb/tuxcare/libpython3.7-dev?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-2+deb10u7+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1778979189.json"

libpython3.7-minimal

Package

Name: libpython3.7-minimal
Purl: pkg:deb/tuxcare/libpython3.7-minimal?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-2+deb10u7+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1778979189.json"

libpython3.7-stdlib

Package

Name: libpython3.7-stdlib
Purl: pkg:deb/tuxcare/libpython3.7-stdlib?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-2+deb10u7+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1778979189.json"

libpython3.7-testsuite

Package

Name: libpython3.7-testsuite
Purl: pkg:deb/tuxcare/libpython3.7-testsuite?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-2+deb10u7+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1778979189.json"

python3.7

Package

Name: python3.7
Purl: pkg:deb/tuxcare/python3.7?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-2+deb10u7+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1778979189.json"

python3.7-dev

Package

Name: python3.7-dev
Purl: pkg:deb/tuxcare/python3.7-dev?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-2+deb10u7+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1778979189.json"

python3.7-doc

Package

Name: python3.7-doc
Purl: pkg:deb/tuxcare/python3.7-doc?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-2+deb10u7+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1778979189.json"

python3.7-examples

Package

Name: python3.7-examples
Purl: pkg:deb/tuxcare/python3.7-examples?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-2+deb10u7+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1778979189.json"

python3.7-minimal

Package

Name: python3.7-minimal
Purl: pkg:deb/tuxcare/python3.7-minimal?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-2+deb10u7+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1778979189.json"

python3.7-venv

Package

Name: python3.7-venv
Purl: pkg:deb/tuxcare/python3.7-venv?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-2+deb10u7+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1778979189.json"