Your message dated Sat, 04 Jul 2026 12:32:06 +0000
with message-id <[email protected]>
and subject line Bug#1113825: fixed in python-xmltodict 0.13.0-1.1~deb13u1
has caused the Debian Bug report #1113825,
regarding python-xmltodict: CVE-2025-9375
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1113825: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113825
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-xmltodict
Version: 0.13.0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/martinblech/xmltodict/issues/377
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for python-xmltodict.
CVE-2025-9375[0]:
| XML Injection vulnerability in xmltodict allows Input Data
| Manipulation.This issue affects xmltodict: 0.14.2.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-9375
https://www.cve.org/CVERecord?id=CVE-2025-9375
[1] https://github.com/martinblech/xmltodict/issues/377
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-xmltodict
Source-Version: 0.13.0-1.1~deb13u1
Done: Adrian Bunk <[email protected]>
We believe that the bug you reported is fixed in the latest version of
python-xmltodict, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated python-xmltodict package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 03 Jul 2026 17:27:34 +0300
Source: python-xmltodict
Architecture: source
Version: 0.13.0-1.1~deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Sebastien Badia <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1113825
Changes:
python-xmltodict (0.13.0-1.1~deb13u1) trixie; urgency=medium
.
* Non-maintainer upload.
* Rebuild for trixie.
.
python-xmltodict (0.13.0-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* CVE-2025-9375: XML Injection (Closes: #1113825)
Checksums-Sha1:
d97f8be3c9c271aca9b1fb21065215a5403ff7cc 2062
python-xmltodict_0.13.0-1.1~deb13u1.dsc
00946cc0be1ba2f81263a5db5ef2912dabd9804b 19569
python-xmltodict_0.13.0.orig.tar.gz
d85bc511178b649905467a4dd66ca1f1f1e2f5aa 6008
python-xmltodict_0.13.0-1.1~deb13u1.debian.tar.xz
Checksums-Sha256:
4ddf7646db11a2277cac17d5bb09e35693bef329d35866a616590a50d15633e4 2062
python-xmltodict_0.13.0-1.1~deb13u1.dsc
d74f4099d42bcca273ffd3bc9766abaa8765960eabc4399f2a6ad48cb4f58ce0 19569
python-xmltodict_0.13.0.orig.tar.gz
12c352de545abae122f476b2de665a07b27b7e49cc9aec644bfb577cb0cb4a5e 6008
python-xmltodict_0.13.0-1.1~deb13u1.debian.tar.xz
Files:
920dff5285046f0a5668a3692e15a438 2062 python optional
python-xmltodict_0.13.0-1.1~deb13u1.dsc
20344fa3fe582e5cb412ee92b03c8c5f 19569 python optional
python-xmltodict_0.13.0.orig.tar.gz
6910eb41751b17f1efa910fbf185aacf 6008 python optional
python-xmltodict_0.13.0-1.1~deb13u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmpHypsACgkQiNJCh6LY
mLFcFg//a+HtDRw/YC9/q8K+tQc/OjL+mXUztOFdq0XrFBdnBLsxoChrKaG8RDnz
ILsAqKMhNU3sPffzn1qG+KD0Xo55Ae00auHJ1C7XZUEkPioYDAlc7q1e02F8UXp+
84XkpRrQUbCnNkuH9klkSeCjtT6wk/ZRHhSzfgLJR4lBOOM3ZhX05aftg9ytuqQz
CR0PjfAKurPq7cTfe4ariZGL9RMMWfdU6bD2SYGk10MKiQPBvlyk2fofN+z8dQtd
XwK4aHwj7OYTQYTmVJfugE3Wx1ChZ9bpCIetMuDDCEYzOUK55E7BJj6XzLGxiMez
kd/qrsaoSNX2rp70YE2w8AsdmzqA/20PnvahfHoOwOlJcIcEj8iR3L25yIZv16KE
RLmhUx9uKiKNebun/9SYKt0Mh4hrwcbzWNXCPOY8V6rE4qQGo7gqy9BT22knS+qZ
11Icn3WVpxEhiINn9hmoNbFmXx2TF0fsevuCYX1YtlKKvHGWNYsKBgAOdIOoaQ4b
DMbhVCVA/ni8clFplP03ZQKgH7nGqPKmuxYdkHmsZDN36+Laqt1MjSUHFqef3jtb
4MvVXwzQUhFzzwIS3lVOHxlpzHGdeaneUTjXw6T50G8b7EhW2hCj3lQkZ7pcY8oR
VklfgB3iKE+rfuWKDljBPePJ71dClgZW+rDqIiJoW6dvIP9uRLw=
=r2FS
-----END PGP SIGNATURE-----
pgpTQ767ImzRB.pgp
Description: PGP signature
--- End Message ---