[Bug 294496] lang/python*: CVE-2026-4786: webbrowser.open() command injection mitigation for CVE-2026-4519 was incomplete

bugzilla-noreply Fri, 17 Apr 2026 02:05:35 -0700

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294496


Matthias Andree <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |maintainer-feedback+

--- Comment #5 from Matthias Andree <[email protected]> ---
The branch main has been updated by diizzy:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=965c6f73bbe0a9361fdd92952e3ac622736ebbb3

commit 965c6f73bbe0a9361fdd92952e3ac622736ebbb3
Author:     Matthias Andree <[email protected]>
AuthorDate: 2026-04-13 23:00:40 +0000
Commit:     Daniel Engberg <[email protected]>
CommitDate: 2026-04-16 21:38:32 +0000

    lang/python314: Fix incomplete mitigation of webbrowser.open()

    Cherry-pick fix to resolve
    Incomplete mitigation of CVE-2026-4519,
    %action expansion for command injection to webbrowser.open()

    Obtained from:  GitHub repo
                    https://github.com/python/cpython/pull/148516
    Security:       CVE-2026-4786
                    cf75f572-378a-11f1-a119-e36228bfe7d4

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 294496] lang/python*: CVE-2026-4786: webbrowser.open() command injection mitigation for CVE-2026-4519 was incomplete

Reply via email to