-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6161-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 12, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : multipart CVE ID : CVE-2026-28356 It was discovered that the parse_options_header() function of multipart, a Python multipart/form-data parser was susceptible to denial of service via malformed request headers or multipart/form-data streams. For the stable distribution (trixie), this problem has been fixed in version 1.2.1-2+deb13u1. We recommend that you upgrade your multipart packages. For the detailed security status of multipart please refer to its security tracker page at: https://security-tracker.debian.org/tracker/multipart Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmmzF0MACgkQEMKTtsN8 TjZyAxAAvisvWxSQiKHk9enKhQZjqvqRGuoVwWg6eyM16b1EJ4TRbNoEVgwCGrjI PXGABoMdGdLDq3qZw5I4BSp5ytD3kVn/fB+7jR9wTF/eC6RIVREN4hhl2mG/66p/ 1dWooGYJ+Jh/lpO1voS3eBtB42uxbCAXojdYCSLVfGFTHhnOygGYKMPn7CjXXn/e +/HaCVva/IV6cGf8GspvHsyirddTQosd/LIm3elZQ7nhghP9Ct25rmfOelD4jNSt nER2foxVtq8vsamf0q5esr2YIrGHSveekfnJU1BUE93Tc9LEjNrAxRNZ9dcmpXE2 N8j/MTH70B9HSunKN5WkeJQzGjsnYm14uT6OzZGVJQEnhPeG4M3fdHD01NBkRg3R auvoOsOUD6KpdYUFunz80vh7z2m8uMJbYP8Et0pK/pLwdN3aY91/Z4x/HVgrOdE9 qJFkHcGF52fKNeoe+GQ30twtOFXIIfPvp9UXjfNb7GNqPbFT0Q/VinQwq/cn9MiO qP+nEfPZ6CPuf1OLYZ2v2TUZKA8xh1/3YTIQrygxoh1X6/zTVWdozR4yisREAeXX BJ53TQlzCIpRXwiIj6uZ2T3y78kMw/WUaZN6f966SvIUykNY2AzlldO+Jcw+bEfh AWVnPOBcRQ0xWfZPCl4R38x2GKwiSWGPl2+o0t6bkmaq5zOplNo= =dGjF -----END PGP SIGNATURE-----
