[CLSA-2026:1768588281] Fix CVE(s): CVE-2025-12084, CVE-2025-13836

Type:

security

Severity:

Critical

Release date:

2026-01-16 18:31:25 UTC

Description:

   * SECURITY UPDATE: Potential denial of service in http.client
     - debian/patches/CVE-2025-13836.patch: Read large data by
       chunks instead of allocating memory based on Content-Length
     - CVE-2025-13836
   * SECURITY UPDATE: Quadratic complexity in xml.minidom node ID cache
     clearing
     - debian/patches/CVE-2025-12084.patch: Remove quadratic behavior in
       xml.minidom node ID cache clearing
     - CVE-2025-12084

Updated packages:

alt-python38_3.8.20-5_amd64.deb
sha:0bb0e6266d5340104e1367f80dbae8e6080a8728
alt-python38-debug_3.8.20-5_amd64.deb
sha:727b04be63cf1a739cac4db9a36ebd9e85aef092
alt-python38-devel_3.8.20-5_amd64.deb
sha:340038b64a358aba3d209d66218826ce79f2fdb2
alt-python38-idle_3.8.20-5_amd64.deb
sha:137d59a9554adab02cbd863ec90e4e31b530b661
alt-python38-libs_3.8.20-5_amd64.deb
sha:1c5cfbabf42b5e43f1e922a506c0446f759e79bc
alt-python38-test_3.8.20-5_amd64.deb
sha:6f739b8709b6277e5be0b1c246ebfda0724f121a
alt-python38-tkinter_3.8.20-5_amd64.deb
sha:cd84b3e75690f71d6088153d2e3894d424f1565e

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.