Diffusion FreeBSD ports repository 965c6f73bbe0

lang/python314: Fix incomplete mitigation of webbrowser.open()
965c6f73bbe0
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

lang/python314: Fix incomplete mitigation of webbrowser.open()

Cherry-pick fix to resolve
Incomplete mitigation of CVE-2026-4519,
%action expansion for command injection to webbrowser.open()

Obtained from: GitHub repo

		https://github.com/python/cpython/pull/148516

Security: CVE-2026-4786

		cf75f572-378a-11f1-a119-e36228bfe7d4

Details

Provenance

mandree	Authored on Mon, Apr 13, 11:00 PM
diizzy	Committed on Thu, Apr 16, 9:38 PM

Parents

R11:013edbc0a89f: lang/python314: Security update + other fixes

Branches

Unknown

Tags

Unknown

Event Timeline

diizzy committed R11:965c6f73bbe0: lang/python314: Fix incomplete mitigation of webbrowser.open() (authored by mandree).Thu, Apr 16, 9:38 PM

arrowd mentioned this in R11:1b59ecb6f9f4: lang/python314: Fix incomplete mitigation of webbrowser.open().Sat, May 2, 12:38 PM

Changes (2)

Path

Size

lang/

python314/

files/

patch-gh-148169-fix-webbrowser-_action_substitution-bypass-of-dash-prefix-check

R11:965c6f73bbe0

lang/python314/Makefile

Loading...

lang/python314/files/patch-gh-148169-fix-webbrowser-_action_substitution-bypass-of-dash-prefix-check

Loading...