-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 12 May 2026 12:17:27 +0700 Source: python3.11 Architecture: source Version: 3.11.2-6+deb12u8 Distribution: bookworm Urgency: medium Maintainer: Matthias Klose <[email protected]> Changed-By: Arnaud Rebillout <[email protected]> Changes: python3.11 (3.11.2-6+deb12u8) bookworm; urgency=medium . * Non-maintainer upload. * Apply upstream patches for the following CVEs: - CVE-2025-13462: Incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined - CVE-2026-2297: SourcelessFileLoader does not use io.open_code() - CVE-2026-3644: Reject control characters in more places in http.cookies.Morsel (follow-up of patch for CVE-2026-0672) - CVE-2026-4224: pyexpat.c: Unbounded C recursion in conv_content_model causes crash - CVE-2026-4519: Reject leading dashes in webbrowser.open() - CVE-2026-6100: Possible UAF in {LZMA,BZ2}Decompressor * Add patch to skip some failing XML tests. Failure is due to the fact that we build / tests against expat/2.5.0-1+deb12u2, which was patched for CVE-2023-52425, and that broke some tests. See the patch itself for more details. Checksums-Sha1: 9cdd90672e2ca5c77cadda6f6a767f7d5cacd302 3805 python3.11_3.11.2-6+deb12u8.dsc 54d04be4309e6fb445477dd0ae2ac548cee473e7 26437858 python3.11_3.11.2.orig.tar.gz d08f7d92da0cce45e2ddc5e2fe4c579c5f1473cf 279556 python3.11_3.11.2-6+deb12u8.debian.tar.xz 79d65f9d65870167dfa0e7f13968c85ee2bf091d 6460 python3.11_3.11.2-6+deb12u8_source.buildinfo Checksums-Sha256: 197fa19ab45f41c820f40f6d9ead671c2ea29ddc53ba9424b36f1bf58458a10e 3805 python3.11_3.11.2-6+deb12u8.dsc 2411c74bda5bbcfcddaf4531f66d1adc73f247f529aee981b029513aefdbf849 26437858 python3.11_3.11.2.orig.tar.gz ece2d63c70ac0b7a401fbe6b51b0103be997c294a01a3865549be1862794ba97 279556 python3.11_3.11.2-6+deb12u8.debian.tar.xz a72a2082c12e1445a5ad76ad6f51ebfe7a6bcbc1db304893ce4b0b1e9a82b591 6460 python3.11_3.11.2-6+deb12u8_source.buildinfo Files: 2595d8a6c6f526b0ed4b9446dc7ca98a 3805 python optional python3.11_3.11.2-6+deb12u8.dsc f6b5226ccba5ae1ca9376aaba0b0f673 26437858 python optional python3.11_3.11.2.orig.tar.gz 36d0852316a8a5187d2b8e719b39b9f7 279556 python optional python3.11_3.11.2-6+deb12u8.debian.tar.xz 0829e3aa6ce98730ffd7ffb8e492f898 6460 python optional python3.11_3.11.2-6+deb12u8_source.buildinfo
-----BEGIN PGP SIGNATURE----- iQJHBAEBCgAxFiEE0Kl7ndbut+9n4bYs5yXoeRRgAhYFAmoD99ITHGFybmF1ZHJA ZGViaWFuLm9yZwAKCRDnJeh5FGACFmnRD/9yI/jPyTLTnkzrNvPT0dwZFLZzgRIP P2zDTe0ht7pAGXEvfCoWZfWN3xGskrX7yhLuXuZ80wprGJj3TYZxckQnV+W/HWRQ 45cZRuguc9vaD2biUw6FCtlB8UUYZiJxkuGrkPtOORdqGUD9UGYte3H5nsw5Tv4H 8OeDCu2d96c3JuMiah7rdfdZN1kKIjzgNyqtJyiVQwLTTn/sERvlrTQ4QIXKZ1U9 pGl8dv1UzmM/4nKYwewAuIzx8YoScGexcS8kiWT+k01HmMtbtNW8KvcHVNFgUVkL yNIAT8F/b3UFs5K2Z7wRmIi7ZGfJnYm5ENvTqpolNq5pLPx4kvZU2NJ5KmgurK+j To0gytaClUX8I/sNP4nRjo9kD0rzRyzcEF1TeeCXpEgQFJ3IQzZiZeZlsinwFun2 wr/bOm5nk0IutvSi0tF3WYAZCRP0mHMwKn+CgBAWpli4PfNxKBdZfLk21BWEnggN vQFNTEEQYDdgm1FPwFJpXdjjKAAPDxOL4hwbu+7X3EOKab53l7LfXYFgSOoB6Zd0 pGq7pdnPRO8XZxLcWO8GjR729TZ31ulzIMYlynEE6z4IWYOh2Et78WlnPGAtq8rS z0MQCYWpsiwHM9WbBKOszG393H7gFQjEbdp5mbshO7CyjpgNsBK+0QXdgnwSHHx6 R/rE+u+N/RwzlA== =P/NG -----END PGP SIGNATURE-----
pgp7NSvP_E6Ev.pgp
Description: PGP signature
