-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 20 Jan 2026 11:45:10 +0100
Source: python3.9
Architecture: source
Version: 3.9.2-1+deb11u4
Distribution: bullseye-security
Urgency: medium
Maintainer: Matthias Klose <[email protected]>
Changed-By: Andrej Shadura <[email protected]>
Changes:
 python3.9 (3.9.2-1+deb11u4) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * Add salsa-ci.yml.
   * Drop Build-Conflicts: git.
   * Unexport PYTHONIOENCODING to unbreak tests on Salsa.
   * Disable test_mmap as it fails on Salsa.
   * Apply upstream patches for the following CVEs:
     - CVE-2022-37454: integer overflow and buffer overflow in the Keccak
       XKCP SHA-3 implementation.
     - CVE-2025-4516: issue in
       bytes.decode("unicode_escape", error="ignore|replace")
     - CVE-2025-6069: quadratic complexity in html.parser.HTMLParser
     - CVE-2025-6075: performance degradation in os.path.expandvars()
     - CVE-2025-8194: infinite loop and deadlock in tarfile
     - CVE-2025-8291: incorrect ZIP64 End of Central Directory handling
     - CVE-2025-12084: quadratic complexity in xml.dom.minidom
       appendChild etc
     - CVE-2025-13836: OOM or other DoS due to incorrect Content-Length
       handling in http.client
     - CVE-2025-13837: OOM or other DoS due to incorrect data size
       handling in plistlib
   * Update libpython symbols.
