[CLSA-2026:1782991913] git-lfs: Fix of CVE-2026-39821
Type:
security
Severity:
Important
Release date:
2026-07-02 11:32:09 UTC
Description:
- CVE-2026-39821: reject xn-- labels that decode to all-ASCII in the vendored golang.org/x/net/idna package to prevent hostname allow-list bypass
CVEs fixed:
Updated packages:
  • git-lfs-3.6.1-2.el9_6.tuxcare.els6.x86_64.rpm
    sha:3c715edad37e6c31d9ef287db4fe376cd86fcb73aa497be92ff9c16dbad73268
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.