[Bug 294496] lang/python*: CVE-2026-4786: webbrowser.open() command injection mitigation for CVE-2026-4519 was incomplete

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 294496] lang/python*: CVE-2026-4786: webbrowser.open() command injection mitigation for CVE-2026-4519 was incomplete"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 13 Apr 2026 23:04:53 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294496

Matthias Andree <mandree@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #269741|                            |maintainer-approval+
              Flags|                            |

--- Comment #3 from Matthias Andree <mandree@FreeBSD.org> ---
Created attachment 269741
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=269741&action=edit
python 3.14.4_1 -> _2 update to fix CVE-2026-4786, Incomplete mitigation of
CVE-2026-4519,     %action expansion for command injection to webbrowser.open()

-- 
You are receiving this mail because:
You are on the CC list for the bug.