-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 08 Apr 2026 08:58:00 +0700 Source: python3.11 Architecture: source Version: 3.11.2-6+deb12u7 Distribution: bookworm Urgency: medium Maintainer: Matthias Klose <[email protected]> Changed-By: Arnaud Rebillout <[email protected]> Changes: python3.11 (3.11.2-6+deb12u7) bookworm; urgency=medium . * Non-maintainer upload. * Apply upstream patches for the following CVEs: - CVE-2025-4516: issue in bytes.decode("unicode_escape", error="ignore|replace") - CVE-2025-6069: quadratic complexity in html.parser.HTMLParser - CVE-2025-6075: performance degradation in os.path.expandvars() - CVE-2025-8194: infinite loop and deadlock in tarfile - CVE-2025-8291: incorrect ZIP64 End of Central Directory handling - CVE-2025-11468: Folding email comments of unfoldable characters didn't preserve parenthesis which could be abused. - CVE-2025-12084: quadratic complexity in xml.dom.minidom appendChild etc - CVE-2025-13836: OOM or other DoS due to incorrect Content-Length handling in http.client - CVE-2025-13837: OOM or other DoS due to incorrect data size handling in plistlib - CVE-2025-15282: User-controlled data URLs parsed by urllib allowed injecting headers through newlines in the data URL mediatype. - CVE-2026-0672: User-controlled cookie values and parameters could be used to inject HTTP headers into messages. - CVE-2026-0865: User-controlled header names and values containing newlines could be used to inject HTTP headers. - CVE-2026-1299: email module allowed header injection in the BytesGenerator class. Checksums-Sha1: 852125486d3a3bd6abb56da867bb2dc8c8a2b332 3805 python3.11_3.11.2-6+deb12u7.dsc 011719dcb9f56df8fbcafac3b97c8b45a68039e4 271912 python3.11_3.11.2-6+deb12u7.debian.tar.xz 0dc813b117b396a8fbe54123a3a477efcc418fb8 6399 python3.11_3.11.2-6+deb12u7_source.buildinfo Checksums-Sha256: f903552a9de67adea73f9a3cd33abd44aa5aff50f25744b78954ac624f031022 3805 python3.11_3.11.2-6+deb12u7.dsc 7d937f4407a8b51ef14ed48097dc442605a8e048eacf6f0ada8a6938f6dea0ea 271912 python3.11_3.11.2-6+deb12u7.debian.tar.xz f16152db07cc7c1edb89971e966ad122d0f36f95a1bde76ee60db30d8d1bd2c9 6399 python3.11_3.11.2-6+deb12u7_source.buildinfo Files: 40abdf6bbbfbf93f0884cc14aa0aa893 3805 python optional python3.11_3.11.2-6+deb12u7.dsc da7f8296eb60f4f14e659c0854fccf39 271912 python optional python3.11_3.11.2-6+deb12u7.debian.tar.xz e28b45dcf5f60385aa9a4691c66d46f2 6399 python optional python3.11_3.11.2-6+deb12u7_source.buildinfo
-----BEGIN PGP SIGNATURE----- iQJHBAEBCgAxFiEE0Kl7ndbut+9n4bYs5yXoeRRgAhYFAmnVtwYTHGFybmF1ZHJA ZGViaWFuLm9yZwAKCRDnJeh5FGACFt7WD/4uB42bE4kl2k4/4U96DPQUNXBzdM9P uMRsZhX1gkhdmqiMGOGPLbmQl8sbtBGiObep2GjZ4lenMSE8FxPdOpeOFcc6CcLu bGLJNvMNn+VWcPm0EggnyWg6vAGnBIScVCm41a5e4Zh+JKh0wR0EtZ/IqzWR/jjn 6Fp1GdNmU0xiJ8d4RtzCQ3N+D/X26J9f6cOdqNLrBGmiIgChhNZosMXherGu/92G PEy5ugJBPWCS7ffAyA0mrEcggZXdWLotRQrJbqF1LHxBt8MXHVtX1K+nEPsWIq0G wTboAEtlYHNb2ssjeFa5KP0zvXNW1pWctCombaZmmU/d1tSxu1cChEsFBXUcZfgn LpPDn3qoSeD/xn0fkfqfB8r3/DhKY+u0uMto4CVRu+Ms7skSF37nhFTPdkSXRHqU WnQfa1E84iULa2zvcAjlBADVe6SD4efc2Eo8XtfIw/vIzwf1J+reMd6/19ls1NsU 30C7jlgDIOaEKcTf1b7EhUJFgFltUwIxMkoHZbYi74TLcaojebColfA//6BW3QQz 4Yo4PbsvGUoRC92pLffshksZLN/1no3PMFgKG820ln6f7IPxFeRiBvf3ooBty/sE btpEO71rYAVCfYGyYGsBriLG/Ya9Hm/lSvZfRcHbN5yax4sKuKX1Nv+q4RhpjABX Xj9drRURm2vM3w== =1WXj -----END PGP SIGNATURE-----
pgpvvmUBCHGMV.pgp
Description: PGP signature
