OESA-2026-1458

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1458

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2026-1458.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2026-1458

Upstream

CVE-2025-11468

CVE-2025-15282

Published

2026-02-28T12:45:52Z

Modified

2026-02-28T16:21:32.191514Z

Summary

python3 security update

Details

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C++ (or other languages, depending on the chosen implementation). Python is also usable as an extension language for applications written in other languages that need easy-to-use scripting or automation interfaces.

Security Fix(es):

In CPython's email module, when folding a long comment containing exclusively unfoldable characters, the parentheses are not preserved. This could be exploited to inject headers into email messages in scenarios where email addresses are user-controlled and not sanitized.(CVE-2025-11468)

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.(CVE-2025-15282)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:24.03-LTS / python3

Package

Name: python3
Purl: pkg:rpm/openEuler/python3&distro=openEuler-24.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.11.6-21.oe2403

Ecosystem specific

{
    "aarch64": [
        "python3-3.11.6-21.oe2403.aarch64.rpm",
        "python3-debug-3.11.6-21.oe2403.aarch64.rpm",
        "python3-debuginfo-3.11.6-21.oe2403.aarch64.rpm",
        "python3-debugsource-3.11.6-21.oe2403.aarch64.rpm",
        "python3-devel-3.11.6-21.oe2403.aarch64.rpm",
        "python3-tkinter-3.11.6-21.oe2403.aarch64.rpm",
        "python3-unversioned-command-3.11.6-21.oe2403.aarch64.rpm"
    ],
    "src": [
        "python3-3.11.6-21.oe2403.src.rpm"
    ],
    "noarch": [
        "python3-help-3.11.6-21.oe2403.noarch.rpm"
    ],
    "x86_64": [
        "python3-3.11.6-21.oe2403.x86_64.rpm",
        "python3-debug-3.11.6-21.oe2403.x86_64.rpm",
        "python3-debuginfo-3.11.6-21.oe2403.x86_64.rpm",
        "python3-debugsource-3.11.6-21.oe2403.x86_64.rpm",
        "python3-devel-3.11.6-21.oe2403.x86_64.rpm",
        "python3-tkinter-3.11.6-21.oe2403.x86_64.rpm",
        "python3-unversioned-command-3.11.6-21.oe2403.x86_64.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-1458.json"