[CLSA-2026:1781088211] Fix CVE(s): CVE-2025-15366, CVE-2025-15367
Type:
security
Severity:
Important
Release date:
2026-06-10 10:43:50 UTC
Description:
* SECURITY UPDATE: imaplib.IMAP4._command() did not reject control characters in command arguments, so a CR/LF embedded in an argument could inject a second IMAP command. - debian/patches/CVE-2025-15366.patch: backport of cpython 6262704b (gh-143921). Adds the _control_chars regex and rejects arguments containing bytes in [\x00-\x1F\x7F] in _command() with ValueError. - CVE-2025-15366 * SECURITY UPDATE: poplib.POP3._putcmd() did not reject control characters, allowing the same CR/LF command injection on the POP3 socket. - debian/patches/CVE-2025-15367.patch: backport of cpython b234a2b6 (gh-143923). Rejects lines containing bytes in [\x00-\x1F\x7F] in _putcmd() with ValueError. - CVE-2025-15367
CVEs fixed:
Updated packages:
  • alt-python37_3.7.17-24_amd64.deb
    sha:acf7c2bcf05bba06768cde177c30ebdda46d6e24
  • alt-python37-debug_3.7.17-24_amd64.deb
    sha:aa93b697781d9b4ce9f4ef8fbecac9531a2585ed
  • alt-python37-devel_3.7.17-24_amd64.deb
    sha:8cad07ccfe445963479b78901b09f1224ad2685c
  • alt-python37-libs_3.7.17-24_amd64.deb
    sha:ed761e41bddbd749dbec5fb50f67895f606d859c
  • alt-python37-test_3.7.17-24_amd64.deb
    sha:bad492e0d2302cb1872886a283fea0514e26a647
  • alt-python37-tkinter_3.7.17-24_amd64.deb
    sha:0e0750d2b30d321bc922b1a3bf2ba1c4cfb073b0
  • alt-python37-tools_3.7.17-24_amd64.deb
    sha:1cbe4822eacbf9a828256ff68c9558d0643c2623
  • alt-python37_3.7.17-24_arm64.deb
    sha:ad307699d7890a4e97dbf4d2542bfce5b809dc96
  • alt-python37-debug_3.7.17-24_arm64.deb
    sha:857a45768cb6333b854876a1394a5a8c7a383920
  • alt-python37-devel_3.7.17-24_arm64.deb
    sha:602056b037b37f048d4d11fc48009032ad9e1434
  • alt-python37-libs_3.7.17-24_arm64.deb
    sha:9d888ae8d60ffd7b6be9c0165ac35654f984dc9c
  • alt-python37-test_3.7.17-24_arm64.deb
    sha:ca9319f23caf4a78b007d5295fd2cc1398203942
  • alt-python37-tkinter_3.7.17-24_arm64.deb
    sha:2110ccee142fcfd275fad63e854ddee846bfbee9
  • alt-python37-tools_3.7.17-24_arm64.deb
    sha:ce5fba55e387141855cd0a4cf232d9e99413e71a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.