id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
5896	Python security fixes: CVE-2026-4224,3644,4519	Joe Locash	Douglas R. Reno	"3 CVEs have been fixed in Python recently, mostly affecting versions before 3.15:
  CVE-2026-4224
  CVE-2026-3644
  CVE-2026-4519

From https://www.openwall.com/lists/oss-security/2026/03/16/4:
  There is a HIGH severity vulnerability
  affecting CPython.

  When an Expat parser with a registered ElementDeclHandler parses an inline
  document type definition containing a deeply nested content model a C stack
  overflow occurs.

  Please see the linked CVE ID for the latest information on
  affected versions:

  * https://www.cve.org/CVERecord?id=CVE-2026-4224
  * https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768

From https://www.openwall.com/lists/oss-security/2026/03/16/5:
  There is a MEDIUM severity vulnerability
  affecting CPython.

  The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel,
  was incomplete. The Morsel.update(), |= operator, and unpickling paths were not
  patched, allowing control characters to bypass input validation. Additionally,
  BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().

  Please see the linked CVE ID for the latest information on
  affected versions:

  * https://www.cve.org/CVERecord?id=CVE-2026-3644
  * https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4

From https://www.openwall.com/lists/oss-security/2026/03/20/1:
  There is a MEDIUM severity vulnerability affecting CPython.

  The webbrowser.open() API would accept leading dashes in the URL which could be
  handled as command line options for certain web browsers. New behavior rejects 
  leading dashes. Users are recommended to sanitize URLs prior to passing to
  webbrowser.open().

  Please see the linked CVE ID for the latest information on affected versions:

  * https://www.cve.org/CVERecord?id=CVE-2026-4519
  * https://github.com/python/cpython/pull/143931


Attached is a patch with the fixes rediffed for 3.14.3.

"	enhancement	closed	high	13.1	Book	git	normal	fixed		
