[CLSA-2026:1781088666] Fix CVE(s): CVE-2025-15366, CVE-2025-15367
Type:
security
Severity:
Important
Release date:
2026-06-10 11:36:43 UTC
Description:
* SECURITY UPDATE: imaplib.IMAP4._command() did not reject control characters in command arguments, so a CR/LF embedded in an argument could inject a second IMAP command. - debian/patches/CVE-2025-15366.patch: backport of cpython 6262704b (gh-143921). Adds the _control_chars regex and rejects arguments containing bytes in [\x00-\x1F\x7F] in _command() with ValueError. - CVE-2025-15366 * SECURITY UPDATE: poplib.POP3._putcmd() did not reject control characters, allowing the same CR/LF command injection on the POP3 socket. - debian/patches/CVE-2025-15367.patch: backport of cpython b234a2b6 (gh-143923). Rejects lines containing bytes in [\x00-\x1F\x7F] in _putcmd() with ValueError. - CVE-2025-15367
CVEs fixed:
Updated packages:
  • alt-python37_3.7.17-24_amd64.deb
    sha:f21a6cd219c2c9dd819d89f511564e65bee2c013
  • alt-python37-debug_3.7.17-24_amd64.deb
    sha:f7d986b4e8a506e5e1f4bb129bb4daff171b5a89
  • alt-python37-devel_3.7.17-24_amd64.deb
    sha:df1f2aa7e6d1ccb6e4e0a27ffee444f480bb9d37
  • alt-python37-libs_3.7.17-24_amd64.deb
    sha:c06228a3a876e59132a50a173f30d6bf653a2989
  • alt-python37-test_3.7.17-24_amd64.deb
    sha:8f2fafea8c5f787852b2edb75426059b6a52eb0e
  • alt-python37-tkinter_3.7.17-24_amd64.deb
    sha:791b66fd2b1028a0d6cca56ee2e2671c97603b5a
  • alt-python37-tools_3.7.17-24_amd64.deb
    sha:1cbe4822eacbf9a828256ff68c9558d0643c2623
  • alt-python37_3.7.17-24_arm64.deb
    sha:973291fab82f63a764aa0c53da4c8e173d352b80
  • alt-python37-debug_3.7.17-24_arm64.deb
    sha:fd2254957e411e1340807da1e8ab2cd1b2ff83c4
  • alt-python37-devel_3.7.17-24_arm64.deb
    sha:31ee413dbc398aa603e651f1a1b864cdb5d80038
  • alt-python37-libs_3.7.17-24_arm64.deb
    sha:cc2dfe9e10807c9f26034256c7b95ca195158efc
  • alt-python37-test_3.7.17-24_arm64.deb
    sha:bfad33c98b09f92fce1f924a808302b774a3a109
  • alt-python37-tkinter_3.7.17-24_arm64.deb
    sha:1b681a0cb52d9a8091159c52cc91cd75170eca6a
  • alt-python37-tools_3.7.17-24_arm64.deb
    sha:ce5fba55e387141855cd0a4cf232d9e99413e71a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.