CLSA-2026-1779096552

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779096552.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1779096552
Upstream
  • CVE-2026-4519
Published
2026-05-18T09:29:16Z
Modified
2026-06-04T09:45:29.949519633Z
Summary
Fix CVE(s): CVE-2025-13836, CVE-2026-4519
Details
  • SECURITY UPDATE: memory denial of service via attacker-controlled Content-Length in http.client
    • debian/patches/CVE-2025-13836.patch: rewrite Lib/http/client.py saferead to read large responses in geometrically-growing chunks bounded by MINREADBUFSIZE (1 MiB), preventing OOM when a malicious server advertises a large Content-Length without sending matching data. Adapted from cpython 3.10 backport 5dc101675fd
    • CVE-2025-13836
  • SECURITY UPDATE: command injection in webbrowser.open() via leading dash in URL
    • debian/patches/CVE-2026-4519.patch: add BaseBrowser.checkurl static method that rejects URLs whose lstripped form starts with a dash, and call it at the start of every open() method in GenericBrowser, BackgroundBrowser, UnixBrowser, Konqueror, Grail, WindowsDefault, MacOSX, and MacOSXOSAScript. Adapted from cpython 3.10 backports ad4d5ba32af and 591ed890270; sys.audit() context lines absent in 3.7 (added in 3.8) so the check is inserted as the first statement of each open()
    • CVE-2026-4519

Affected packages

TuxCare:Debian:10
idle-python3.7

Package

Name
idle-python3.7
Purl
pkg:deb/tuxcare/idle-python3.7?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.3-2+deb10u7+tuxcare.els3

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779096552.json"
libpython3.7

Package

Name
libpython3.7
Purl
pkg:deb/tuxcare/libpython3.7?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.3-2+deb10u7+tuxcare.els3

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779096552.json"
libpython3.7-dev

Package

Name
libpython3.7-dev
Purl
pkg:deb/tuxcare/libpython3.7-dev?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.3-2+deb10u7+tuxcare.els3

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779096552.json"
libpython3.7-minimal

Package

Name
libpython3.7-minimal
Purl
pkg:deb/tuxcare/libpython3.7-minimal?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.3-2+deb10u7+tuxcare.els3

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779096552.json"
libpython3.7-stdlib

Package

Name
libpython3.7-stdlib
Purl
pkg:deb/tuxcare/libpython3.7-stdlib?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.3-2+deb10u7+tuxcare.els3

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779096552.json"
libpython3.7-testsuite

Package

Name
libpython3.7-testsuite
Purl
pkg:deb/tuxcare/libpython3.7-testsuite?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.3-2+deb10u7+tuxcare.els3

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779096552.json"
python3.7

Package

Name
python3.7
Purl
pkg:deb/tuxcare/python3.7?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.3-2+deb10u7+tuxcare.els3

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779096552.json"
python3.7-dev

Package

Name
python3.7-dev
Purl
pkg:deb/tuxcare/python3.7-dev?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.3-2+deb10u7+tuxcare.els3

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779096552.json"
python3.7-doc

Package

Name
python3.7-doc
Purl
pkg:deb/tuxcare/python3.7-doc?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.3-2+deb10u7+tuxcare.els3

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779096552.json"
python3.7-examples

Package

Name
python3.7-examples
Purl
pkg:deb/tuxcare/python3.7-examples?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.3-2+deb10u7+tuxcare.els3

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779096552.json"
python3.7-minimal

Package

Name
python3.7-minimal
Purl
pkg:deb/tuxcare/python3.7-minimal?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.3-2+deb10u7+tuxcare.els3

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779096552.json"
python3.7-venv

Package

Name
python3.7-venv
Purl
pkg:deb/tuxcare/python3.7-venv?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.3-2+deb10u7+tuxcare.els3

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779096552.json"