[CLSA-2026:1781103936] Fix CVE(s): CVE-2025-15366, CVE-2025-15367
Type:
security
Severity:
Important
Release date:
2026-06-10 15:05:57 UTC
Description:
  * SECURITY UPDATE: imaplib.IMAP4._command() concatenated command arguments without rejecting control characters, allowing IMAP command injection via CR/LF in a user-controlled argument.
    - debian/patches/CVE-2025-15366.patch: backport of cpython 6262704b13 (gh-143921). Add the _control_chars guard and raise ValueError on any argument byte in [\x00-\x1F\x7F].
    - CVE-2025-15366
  * SECURITY UPDATE: poplib.POP3._putcmd() wrote command lines without rejecting control characters, allowing POP3 command injection via CR/LF in a user-controlled argument.
    - debian/patches/CVE-2025-15367.patch: backport of cpython b234a2b675 (gh-143923). Reject any line byte in [\x00-\x1F\x7F] with ValueError.
    - CVE-2025-15367
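An added example, not part of this advisory or of the CPython patches: an application-side check that uses the byte class [\x00-\x1F\x7F] named in the description, for code that passes user-controlled values to imaplib or poplib. The names `check_mail_arg`, `guarded`, `RecordingClient` and `lines_sent` are hypothetical, and `RecordingClient` is a constructed stand-in that only records command lines; it is not the imaplib implementation.

```python
import re

# Byte class the advisory says the patched imaplib/poplib reject with ValueError.
CONTROL_CHARS = re.compile(rb"[\x00-\x1F\x7F]")


def check_mail_arg(value, encoding="utf-8"):
    """Return value unchanged; raise ValueError if it contains a control byte."""
    data = value.encode(encoding) if isinstance(value, str) else bytes(value)
    hit = CONTROL_CHARS.search(data)
    if hit:
        raise ValueError(
            "control byte 0x%02x at offset %d in mail command argument"
            % (hit.group()[0], hit.start())
        )
    return value


def guarded(method):
    """Wrap a client method so every str/bytes argument is checked first."""
    def wrapper(*args, **kwargs):
        for arg in list(args) + list(kwargs.values()):
            if isinstance(arg, (str, bytes, bytearray)):
                check_mail_arg(arg)
        return method(*args, **kwargs)
    return wrapper


class RecordingClient:
    """Constructed stand-in (assumption): joins the argument into one command
    line without validation and records the CRLF-separated lines sent."""
    def __init__(self):
        self.lines = []

    def select(self, mailbox):
        wire = b"A001 SELECT " + mailbox.encode() + b"\r\n"
        self.lines.extend(wire.split(b"\r\n")[:-1])


def lines_sent(mailbox, guard):
    """Return the command lines the stand-in client would put on the wire."""
    client = RecordingClient()
    select = guarded(client.select) if guard else client.select
    select(mailbox)
    return client.lines


if __name__ == "__main__":
    sample = "INBOX\r\nA002 NOOP"           # constructed input
    print(lines_sent(sample, guard=False))  # one argument becomes two lines
```

On an interpreter that has not yet received this update, wrapping the methods that take user-controlled values gives the same ValueError behaviour the patches add.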
Updated packages:
  • alt-python39_3.9.23-18_amd64.deb
    sha:dd2e9f8a832fadcd17cf4b0ddad5790a0717da35
  • alt-python39-debug_3.9.23-18_amd64.deb
    sha:f832d2db7042007f301b9d71a6b66df175e18bf7
  • alt-python39-devel_3.9.23-18_amd64.deb
    sha:f746802436ae44be1f3e86a61451adef18b02c6a
  • alt-python39-idle_3.9.23-18_amd64.deb
    sha:b54798b7ae329e00954675670bb3e5495b387191
  • alt-python39-libs_3.9.23-18_amd64.deb
    sha:dbd6612183e8f7241cc6b1392bdabed88e910097
  • alt-python39-test_3.9.23-18_amd64.deb
    sha:b497b861637af8328d3d2a7953e58797c51d84f1
  • alt-python39-tkinter_3.9.23-18_amd64.deb
    sha:3aa85bc594fb04db5924556de43df0ffdf07a80e
  • alt-python39_3.9.23-18_arm64.deb
    sha:6e4dd38eec39b446e9707a4b6e8797bc1de2deac
  • alt-python39-debug_3.9.23-18_arm64.deb
    sha:b16c767989fc556e83dbcf480cc303f0ffddd618
  • alt-python39-devel_3.9.23-18_arm64.deb
    sha:7a04a21ef4cb5717088b70af04303e39cf330759
  • alt-python39-idle_3.9.23-18_arm64.deb
    sha:a90de16d055faa566b9d7d69f8504c8f5a8b61ed
  • alt-python39-libs_3.9.23-18_arm64.deb
    sha:6af00b7dc35731e45a1548b7422b95b97184e290
  • alt-python39-test_3.9.23-18_arm64.deb
    sha:387960f93c7f4654f261eac9e349d33c7c40f7ea
  • alt-python39-tkinter_3.9.23-18_arm64.deb
    sha:6cb647224e73fd7fed58a58b6232e665b8af82e7
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.