SUSE-SU-2026:1417-1

This update for python fixes the following issues:

• CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611).
• CVE-2026-3479: improper resource argument validation can allow path traversal (bsc#1259989).
• CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734).
• CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735).
• CVE-2026-4519: leading dashes in URLs are accepted by the webbrowser.open() API and allow for web browser command line option injection (bsc#1260026).