Bug#1122213: marked as done (python-scrapy: Bump brotli dependency to >= 1.2.0 for effectively mitigating CVE-2025-6176)

[Debian Bug Tracking System]

Your message dated Thu, 12 Mar 2026 21:20:08 +0000
with message-id <e1w0nrw-00000009ivj-0...@fasolo.debian.org>
and subject line Bug#1122213: fixed in python-scrapy 2.14.2-1
has caused the Debian Bug report #1122213,
regarding python-scrapy: Bump brotli dependency to >= 1.2.0 for effectively 
mitigating CVE-2025-6176
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1122213: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122213
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: python-scrapy
Version: 2.13.4-1
Severity: important
Tags: security
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: block -1 with 1122212

Hi

The bump of python-scrapy adds support to mitigate CVE-2025-6176. But
to be effective the brotli dependency needs to be bumped to the
version which adds support for limiting output size in Python
streaming decompression (Cf #1122212).

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: python-scrapy
Source-Version: 2.14.2-1
Done: Andrey Rakhmatullin <w...@debian.org>

We believe that the bug you reported is fixed in the latest version of
python-scrapy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1122...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrey Rakhmatullin <w...@debian.org> (supplier of updated python-scrapy 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 12 Mar 2026 21:08:39 +0500
Source: python-scrapy
Architecture: source
Version: 2.14.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Andrey Rakhmatullin <w...@debian.org>
Closes: 1122213
Changes:
 python-scrapy (2.14.2-1) unstable; urgency=medium
 .
   * New upstream version.
   * Add Multi-Arch: foreign to python-scrapy-doc.
   * Specify a minimum version of 1.2.0 for python3-brotli (Closes: #1122213).
   * Drop explicit Depends on python3-lxml and python3-pydispatch as they
     should be calculated in the normal way.
   * Add B-D: python3-zstandard.
Checksums-Sha1:
 cb228a585609c8743f45a77c20e5a96d4f8620da 3628 python-scrapy_2.14.2-1.dsc
 5c0973231e4dc8de53b1b940612590798c272bb3 1301829 
python-scrapy_2.14.2.orig.tar.gz
 94a44a92fb370872b61087476a1fe9997ae5e52b 13248 
python-scrapy_2.14.2-1.debian.tar.xz
 db26133eb65c2768a44f6ebb00aa6f6b95367fcf 12671 
python-scrapy_2.14.2-1_amd64.buildinfo
Checksums-Sha256:
 94eb0157dcc8ba672c646b573bde2dd4643dea6acece110d9b6bdd50daf4d6e4 3628 
python-scrapy_2.14.2-1.dsc
 cfa6f1a0b27d68e5669933451a97f5e546f25bc69c32a5f0539b17b0e448ca17 1301829 
python-scrapy_2.14.2.orig.tar.gz
 5d32af8c212d7bfc0fe96e65a11c8c718a2588f6a44b60b389cef96ade92fd40 13248 
python-scrapy_2.14.2-1.debian.tar.xz
 8b58ea114971df5aa0ca2f654310ff5bf0474add33cee8eb11b0fd27813a9e67 12671 
python-scrapy_2.14.2-1_amd64.buildinfo
Files:
 d878da7eb23d2cd46b508aa98ddf0ea8 3628 python optional 
python-scrapy_2.14.2-1.dsc
 8b70765e024a485d1d9ebeb7657a8063 1301829 python optional 
python-scrapy_2.14.2.orig.tar.gz
 2651e21a35218a07082c5d19b0b4bf21 13248 python optional 
python-scrapy_2.14.2-1.debian.tar.xz
 90b7ebc0aef9391ab4504818dd10eb9b 12671 python optional 
python-scrapy_2.14.2-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtf6ieDcfC1EgtGkao+OWn23e7IYFAmmzKq8ACgkQo+OWn23e
7IblSxAAoUvKiXlVsM4eCtkF/ZGnJRLNkct0gTb4SYcqVur865oQhiozCOfhj8xa
pqzaPRIHuBidnmEFOSD0QVcPmZNG22eBHWgosWik2dzc7NQLYmHl79tWRkb/AnvK
i/7Lsx3V/GdQUUg2o57D/zjGdEL4vb/tYT7lGh4zgZ75TWcBsAl2bEKI09GUP7dU
IWJIcQ3UaojQj+onbeTIed3aZ2zcp8Hp6cSBIBPTdXHqYJj50ODOnuTNJ2LY4uU1
Z4elgFBBfRHNRuZVbo4TSAR5RdYh7OB9IciF0WeWATRlSCoUmijszuKUUefVIgWt
aZO41C/v9IaG7RfMXS1RXqoq+6+Q/8zYLn3h80BsN7vnU1pTOrhQT6KiK6ppx1vF
f7msQq/w1DGiScG1G2zOvDqMSA2HeqIzXWuL4flhb3IhmYyweTiAJxjVaErBgXo1
B6wftq+TSdyoncEQTjNZPG9bxzTAnkbbcBDdnnw66ZPowlJDtdSS+5TY9i4Za/4m
oVo+OJT1wsk5L/ApRRDZxmtCn7mp3L568llX2xtq2z6yHlGXJ7EerPUWm7iPvXmB
rNGAK0vf235aCsQZbAm+qjHE43YFhcxw6XSsHEX07F2040B3pxkWkM/eww6tnxZg
WB/rhHomXjiqxM4qicK/x9pfdLxR48Sd4316bdqdaZQVSAnyQsc=
=ugEU
-----END PGP SIGNATURE-----

pgp7xUDIBEsY1.pgp
Description: PGP signature

--- End Message ---