Your message dated Sat, 04 Jul 2026 13:17:34 +0000
with message-id <[email protected]>
and subject line Bug#1113825: fixed in python-xmltodict 0.13.0-1.1~deb12u1
has caused the Debian Bug report #1113825,
regarding python-xmltodict: CVE-2025-9375
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1113825: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113825
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-xmltodict
Version: 0.13.0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/martinblech/xmltodict/issues/377
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for python-xmltodict.

CVE-2025-9375[0]:
| XML Injection vulnerability in xmltodict allows Input Data
| Manipulation.This issue affects xmltodict: 0.14.2.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-9375
    https://www.cve.org/CVERecord?id=CVE-2025-9375
[1] https://github.com/martinblech/xmltodict/issues/377

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: python-xmltodict
Source-Version: 0.13.0-1.1~deb12u1
Done: Adrian Bunk <[email protected]>

We believe that the bug you reported is fixed in the latest version of
python-xmltodict, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated python-xmltodict package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 03 Jul 2026 17:45:21 +0300
Source: python-xmltodict
Architecture: source
Version: 0.13.0-1.1~deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Sebastien Badia <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1113825
Changes:
 python-xmltodict (0.13.0-1.1~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
 .
 python-xmltodict (0.13.0-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-9375: XML Injection (Closes: #1113825)
Checksums-Sha1:
 f5365daaabfba8d82008cd10d29ece65c4020e27 2062 
python-xmltodict_0.13.0-1.1~deb12u1.dsc
 11455a05b7739b29008a07c9c8f5f475ee2a625d 6016 
python-xmltodict_0.13.0-1.1~deb12u1.debian.tar.xz
Checksums-Sha256:
 ffac82c35328c4ad0bc524ec4af488b34c7b01f195e3b1e4a416fd302349e971 2062 
python-xmltodict_0.13.0-1.1~deb12u1.dsc
 ae6c8f1cf593fea4f7693bf3be3ac64ea659e29bd124618e215b4e27ba7207c2 6016 
python-xmltodict_0.13.0-1.1~deb12u1.debian.tar.xz
Files:
 7bf8d42d7f4b68df78e80c898a5b0df2 2062 python optional 
python-xmltodict_0.13.0-1.1~deb12u1.dsc
 38151766bbeec1df11a2bc8791cd902c 6016 python optional 
python-xmltodict_0.13.0-1.1~deb12u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmpH0nAACgkQiNJCh6LY
mLGZQA//cE8ZJKFOLbf/XS2kai4Qzj4n6bJF61XwNYEv60mLKwEfYiGGqRKrdCQ1
2WVh/NTZU2/d9AvCuCteuwNOTABYF3y/rQU0mrMECZ4MlVx43kKoMNFW+u27El5c
8FIhAwaOvazwSCwfhFysfAFuIVhmqgIfM4p96bUdOL1wldjWppH5eGkKppkbN7B7
7ZDmq2psyHmhUuyjfPANqQj6cGE2HX1FK2XQK9P6tvpZPB2zUt6XmbzbKWnU2eVc
+hRgtKOgr8jNH63YjES4AjM9gTUW3+ET03BX4w+vgpb4h8BQlLgYiUHssf/QFOs8
WhWCX2MQCbu0y2hlJpt6UjbMSDrnZZcy1TQrwyulRlRaQRfB9ahINbPAmwPz/zT5
OTt1peundJ1zerdIjNTu2/1nf/k2b0pVuR6pRKWDExsbfyjXZiONNYQjop/lIZvc
xlhbI1JnodO0RHmLqXpVyGQQKbI78VJA4LIg7EtkljYp63AroeQq7ewBdu1DEO2/
fdSMhf3qkvT5Ss/7JdDnSUSnMApbSXg2EfvxBR+JXGEpmRIGT4+tD24zhgimz63E
R6kmJZvQjE8yxweaJLGYii531OTaehIw3XSkSOiC4i+AtHMaJFIDtakkpZb7jcGE
V0x5cEvYlD9A9OaiVNVXz4jUBJpqqyWa+mffTXYYcGsIBRi3TWQ=
=dg55
-----END PGP SIGNATURE-----

Attachment: pgpkGXean8Ot5.pgp
Description: PGP signature


--- End Message ---

Reply via email to