Release date:
2026-04-28 17:10:52 UTC
Description:
* SECURITY UPDATE: zipfile quoted-overlap zip bomb
- debian/patches/CVE-2024-0450.patch: raise BadZipFile when an
archive entry overlaps with another entry or the central
directory, preventing quoted-overlap zip bombs with extreme
compression ratios.
- CVE-2024-0450
* SECURITY UPDATE: use-after-free in lzma/bz2 decompressors
- debian/patches/CVE-2026-6100.patch: null next_in at the error:
label of decompress() in Modules/_bz2module.c and
Modules/_lzmamodule.c so the decompressor cannot be re-used
with a stale buffer pointer after a MemoryError.
- CVE-2026-6100
Updated packages:
-
alt-python37_3.7.17-16_amd64.deb
sha:17d6d55f5f21695054aa14cf2886e9d1627a756a
-
alt-python37-debug_3.7.17-16_amd64.deb
sha:35bec3c5a32201acc4d713c57d4f60f1ae683c6c
-
alt-python37-devel_3.7.17-16_amd64.deb
sha:1aeac65a97f25ea0502ab07ba54c95060ed2461a
-
alt-python37-libs_3.7.17-16_amd64.deb
sha:e332bb2b6b5376978c6e19428baee610cc89271b
-
alt-python37-test_3.7.17-16_amd64.deb
sha:fe0554b1079e4229d82976a7c9d0cd423a30231f
-
alt-python37-tkinter_3.7.17-16_amd64.deb
sha:a286c330e78b5cf73ee4b2e0582c54856bcf23aa
-
alt-python37-tools_3.7.17-16_amd64.deb
sha:1a5268bd030fbf9c1e9b7c9bc878064a08081646
-
alt-python37_3.7.17-16_arm64.deb
sha:33211331c5e614c6acd722ee5989a9793511d04c
-
alt-python37-debug_3.7.17-16_arm64.deb
sha:31054af5d9aac397a175b2a43d8f44ac680fda21
-
alt-python37-devel_3.7.17-16_arm64.deb
sha:0d06da34dc21f0af7ad2d7b2d01b734fac644261
-
alt-python37-libs_3.7.17-16_arm64.deb
sha:8901ab852008e5d806b4ebc6665a024319c487a0
-
alt-python37-test_3.7.17-16_arm64.deb
sha:84ab1dde871340238987b0d5795c62e02b7076ba
-
alt-python37-tkinter_3.7.17-16_arm64.deb
sha:cdfe959454fbcb08040019e15f8f897e287b20b1
-
alt-python37-tools_3.7.17-16_arm64.deb
sha:b0f6b421acef604ea20e5a297eedfe69cb07cb2f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
