[CLSA-2026:1768588081] Fix CVE(s): CVE-2025-12084, CVE-2025-13836

Type:

security

Severity:

Critical

Release date:

2026-01-16 18:28:04 UTC

Description:

   * SECURITY UPDATE: Potential denial of service in http.client
     - debian/patches/CVE-2025-13836.patch: Read large data by
       chunks instead of allocating memory based on Content-Length
     - CVE-2025-13836
   * SECURITY UPDATE: Quadratic complexity in xml.minidom node ID cache
     clearing
     - debian/patches/CVE-2025-12084.patch: Remove quadratic behavior in
       xml.minidom node ID cache clearing
     - CVE-2025-12084

Updated packages:

alt-python38_3.8.20-5_amd64.deb
sha:223287846fda46b61c63e699017cf0c5b32fab23
alt-python38-debug_3.8.20-5_amd64.deb
sha:178a9a11212a5286b6cbb2101c21cec5cc6054cf
alt-python38-devel_3.8.20-5_amd64.deb
sha:b3a82ec2202851f39e215a780673d03c1fe87287
alt-python38-idle_3.8.20-5_amd64.deb
sha:bb9e67df0ed319dcad9f3b83fff3f01b5c731419
alt-python38-libs_3.8.20-5_amd64.deb
sha:d531bf8ce1c2586f270c13e989458c89212d18b4
alt-python38-test_3.8.20-5_amd64.deb
sha:77bdcb2e7f65a75b3d5d14cc1b2d311b81e2280f
alt-python38-tkinter_3.8.20-5_amd64.deb
sha:c9ac5fc0ed1e47fef494b488cd4a5f496de96c4c

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.