[CLSA-2026:1781095089] Fix CVE(s): CVE-2025-15366, CVE-2025-15367
Type:
security
Severity:
Important
Release date:
2026-06-10 12:41:12 UTC
Description:
* SECURITY UPDATE: imaplib.IMAP4._command() concatenated command arguments without rejecting control characters, allowing IMAP command injection via CR/LF in a user-controlled argument. - debian/patches/CVE-2025-15366.patch: backport of cpython 6262704b13 (gh-143921). Add the _control_chars guard and raise ValueError on any argument byte in [\x00-\x1F\x7F]. - CVE-2025-15366 * SECURITY UPDATE: poplib.POP3._putcmd() wrote command lines without rejecting control characters, allowing POP3 command injection via CR/LF in a user-controlled argument. - debian/patches/CVE-2025-15367.patch: backport of cpython b234a2b675 (gh-143923). Reject any line byte in [\x00-\x1F\x7F] with ValueError. - CVE-2025-15367
CVEs fixed:
Updated packages:
  • alt-python39_3.9.23-18_amd64.deb
    sha:71e3293d6f7e5b2795fa1b823ddf57a70c5059a4
  • alt-python39-debug_3.9.23-18_amd64.deb
    sha:f832d2db7042007f301b9d71a6b66df175e18bf7
  • alt-python39-devel_3.9.23-18_amd64.deb
    sha:2118a2da8108b89d5137f9b7b6c053596b9a88c6
  • alt-python39-idle_3.9.23-18_amd64.deb
    sha:c6091bc564577648d9d56f57d86a836bf54d7053
  • alt-python39-libs_3.9.23-18_amd64.deb
    sha:e52f5b17a989c50d9b1d6cff0a33964f11a2b416
  • alt-python39-test_3.9.23-18_amd64.deb
    sha:50919336ca7197e622acdf1a2255a31e7d85e568
  • alt-python39-tkinter_3.9.23-18_amd64.deb
    sha:293e624e86747fa84d281f7bf91638892438fb03
  • alt-python39_3.9.23-18_arm64.deb
    sha:9c22f00c10de4a1c398d6ea98708d312463b4828
  • alt-python39-debug_3.9.23-18_arm64.deb
    sha:b16c767989fc556e83dbcf480cc303f0ffddd618
  • alt-python39-devel_3.9.23-18_arm64.deb
    sha:100ef60092e9c37a83349264baf2c73accc891d3
  • alt-python39-idle_3.9.23-18_arm64.deb
    sha:4a5c1011e0ece49f083ddf867d5ee1ac320d5390
  • alt-python39-libs_3.9.23-18_arm64.deb
    sha:1452d073fc74d95206d3b3a70c30c872a3269b52
  • alt-python39-test_3.9.23-18_arm64.deb
    sha:c6f7b6e1c91dc797775837c77f141de0f56ad707
  • alt-python39-tkinter_3.9.23-18_arm64.deb
    sha:60f9313b3ec79073e64564c8a41bd7a6dc4cd51f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.