Source: brotli
Version: 1.1.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: affects -1 + python-scrapy
Control: forwarded -1 https://github.com/google/brotli/pull/1234

Hi

The v1.2.0 release contains:

| python: added Decompressor::can_accept_more_data method and optional
| output_buffer_limit argument Decompressor::process;
| that allows mitigation of unexpectedly large output;

In fact to effectively mitigate the CVE-2025-6176 issue in
python-scrapy, bumping the version used by python-scrapy to at least
1.2.0 is required.

Details on the issue CVE-2025-6176 assigned for python-scrapy:
https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0

Regards,
Salvatore
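
Added example, not part of the original report and not code from brotli or python-scrapy: one way a caller can use the two additions named in the changelog above to cap decompressed output. The names `bounded_decompress`, `OutputLimitExceeded` and `StandInDecompressor` are hypothetical; the stand-in is constructed so the loop runs without brotli installed, and the `output_buffer_limit` keyword is assumed to be spelled as in the changelog.

```python
import io

class OutputLimitExceeded(Exception):
    """Decompressed output went past the caller's budget."""

def bounded_decompress(decompressor, chunks, max_total, step=65536):
    """Decompress `chunks`, asking for at most `step` output bytes per call
    and aborting once more than `max_total` bytes have been produced."""
    out = io.BytesIO()

    def take(data):
        # Assumption: keyword name as given in the 1.2.0 changelog quoted above.
        piece = decompressor.process(data, output_buffer_limit=step)
        if out.tell() + len(piece) > max_total:
            raise OutputLimitExceeded(f"more than {max_total} bytes of output")
        out.write(piece)
        return piece

    for chunk in chunks:
        piece = take(chunk)
        # Drain pending output with empty input before offering more input.
        while piece or not decompressor.can_accept_more_data():
            piece = take(b"")
    if not decompressor.is_finished():
        raise ValueError("compressed stream ended early")
    return out.getvalue()

class StandInDecompressor:
    """Constructed stand-in (not brotli) exposing the same three methods so
    the loop runs offline: each input byte expands to `ratio` output bytes."""

    def __init__(self, ratio):
        self.ratio, self.src, self.pos = ratio, b"", 0

    def _pending(self):
        return len(self.src) * self.ratio - self.pos

    def process(self, data, output_buffer_limit):
        self.src += data
        n = min(self._pending(), output_buffer_limit)
        piece = bytes(self.src[(self.pos + i) // self.ratio] for i in range(n))
        self.pos += n
        return piece

    def can_accept_more_data(self):
        return self._pending() == 0

    is_finished = can_accept_more_data  # the stand-in has no end-of-stream marker
```

With brotli 1.2.0 or later installed, `brotli.Decompressor()` would be passed as the first argument in place of the stand-in.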

