Your message dated Sun, 1 Feb 2026 20:57:11 +0100
with message-id <[email protected]>
and subject line Re: Accepted brotli 1.2.0-1 (source) into unstable
has caused the Debian Bug report #1122212,
regarding brotli: v1.2.0: Adds Decompressor::can_accept_more_data method that
allows mitigation of unexpectedly large output
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1122212: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122212
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: brotli
Version: 1.1.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: affects -1 + python-scrapy
Control: forwarded -1 https://github.com/google/brotli/pull/1234
Hi
The v1.2.0 release contains:
| python: added Decompressor::can_accept_more_data method and optional
| output_buffer_limit argument Decompressor::process;
| that allows mitigation of unexpectedly large output;
In fact to effectively mitigate the CVE-2025-6176 issue in
python-scrapy, bumping the version used by python-scrapy to at least
1.2.0 is required.
Details on the issue CVE-2025-6176 assigned for python-scrapy:
https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: brotli
Source-Version: 1.2.0-1
Fixes as well #1122212 so closing manually. thanks for the upload
Tomasz!
Regards,
Salvatore
On Sun, Feb 01, 2026 at 11:33:38AM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Format: 1.8
> Date: Sun, 01 Feb 2026 12:00:26 +0100
> Source: brotli
> Architecture: source
> Version: 1.2.0-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Tomasz Buchert <[email protected]>
> Changed-By: Tomasz Buchert <[email protected]>
> Changes:
> brotli (1.2.0-1) unstable; urgency=medium
> .
> * New upstream version 1.2.0
> Checksums-Sha1:
> 41dc00806ed3c36178171f6a4018f35c044973b3 2282 brotli_1.2.0-1.dsc
> da59cfe8b228985193c7e18689109b91c09a5691 646398 brotli_1.2.0.orig.tar.gz
> 10fd3c18adad7abf9a8642ddbc1fb23d5497bea1 5188 brotli_1.2.0-1.debian.tar.xz
> 9465fbf02b5de12284a1ea89d3754d7c14e928f9 8941 brotli_1.2.0-1_source.buildinfo
> Checksums-Sha256:
> 04b49a59c0dc4f8ba715378f0a03911fab373443f0324544efa5b9ddfb849740 2282
> brotli_1.2.0-1.dsc
> eb5f7dadf215d0670665fd81566e1fe2dfdc154d983f09142de7299df4c182e6 646398
> brotli_1.2.0.orig.tar.gz
> 84628bcca644a4e4d7ecbd7b914eddbc0bf37661cff5c8ac28b5d2566ee7e804 5188
> brotli_1.2.0-1.debian.tar.xz
> 318310debcd556a9a4d0eb7d85d3a72eb30ba93d63d3eb12735a48eac28cce74 8941
> brotli_1.2.0-1_source.buildinfo
> Files:
> fd3160170c461a3a4934a86a2fe1c04a 2282 python optional brotli_1.2.0-1.dsc
> eaf4ff178203d4527dc5fca285e4e9ec 646398 python optional
> brotli_1.2.0.orig.tar.gz
> 102bfb5418643aa7decf89ffb93ed0e7 5188 python optional
> brotli_1.2.0-1.debian.tar.xz
> 0fe0457cb8ce5c9aa4ed70dadbf76b6a 8941 python optional
> brotli_1.2.0-1_source.buildinfo
>
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAEBCgAdFiEEw4a8QcDI3JdLyqg9Y4wJ8uTJG1IFAml/NIUACgkQY4wJ8uTJ
> G1JSuA//cnCGxamX3UWQpmIY6qgZeBPzC1pE15akpyOMD95SSywNLbCVPUZ1pF9C
> Hhqg9ozRf8Sqvx27ak/573iTebRuZlqyFjL7IRymUncdmrl7AhmvvZJmB4Or9FUe
> Y4W31mQs+70BmLxwb1V00Qk5gzjOSNrCkWE7a+eVUypvRLVbMX6Chb2WPbJgTyiI
> szJL4UZn5VktZd4PuRFiwXRxrEaZH8sEBj5qurlVPmA6iwL0dS+OqyjOdoL4MT3x
> sGRsNfSvbxzDh9714AMbTfFweJ2Jsfbl2a1s/2Hv3bxui1VqSMLA4X8C/TQFUmsN
> 2jX5BrFDsfitWGRpjT/a7Xdsc/wwnyEbL6FvIRq1V/R48PNcUu+PjGxUS7DxHivC
> DviUXUyXSXrpDJncbtE/RMXlPD6Y8KM/yyqfVFPyJ8Y43FLzcmhez6ndbO2NLr6E
> pw5M5K2t5KmHhM8wtaVcKAr2VK06yqlYABzvwYviLnk1riknynhTf87B33380myu
> 4894f3dpFfhIW6tis1upezPUBPSoI9b8ExXRU1Xa6coiJV9xfhjKWxDH0ry0a8Vd
> so/t8UDYUZTuEEroYIcmLu9Ba1jACJ1C/TmAAyI1eA8tDBiYrUERRLTIpbdrZkoa
> wd6zjNcmSWl6FApBMQHVS/gzomCANJuUyOXg9gWqXR6/oT6rc5U=
> =s6Xn
> -----END PGP SIGNATURE-----
--- End Message ---
