SUSE-SU-2026:1296-1

This update for python39 fixes the following issues:

• CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
• CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
• CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
• CVE-2026-4519: failure to sanitize leading dashes in URLs in the webbrowser.open() API can lead to web browser command line option injection (bsc#1260026).