-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 27 May 2025 15:19:40 +0200 Source: setuptools Architecture: source Version: 78.1.1-0.1 Distribution: unstable Urgency: medium Maintainer: Matthias Klose <doko@debian.org> Changed-By: Lee Garrett <debian@rocketjump.eu> Closes: 1105970 Changes: setuptools (78.1.1-0.1) unstable; urgency=medium . * Non-maintainer upload. * Update to upstream 78.1.1 which fixes CVE-2025-47273 (Closes: #1105970) - Path traversal in PackageIndex.download leads to Arbitrary File Write. * debian/watch: Update URI to https. Checksums-Sha1: 55337a0aeb077e7d4273d19f82e9b9a5598a6c4a 2843 setuptools_78.1.1-0.1.dsc b752a80ce7dc2541ed53731347844516a80830ab 1368163 setuptools_78.1.1.orig.tar.gz 11d61d49d906d8079b3b6c8ff4ad94c1c405c091 15532 setuptools_78.1.1-0.1.debian.tar.xz 5e81821176217ccf66736e93f8173e83873c4a2e 8629 setuptools_78.1.1-0.1_amd64.buildinfo Checksums-Sha256: d0425d9385c8ad1cd5635b222dd90e1964c03de4ed3b1484317e912f0aac7e39 2843 setuptools_78.1.1-0.1.dsc fcc17fd9cd898242f6b4adfaca46137a9edef687f43e6f78469692a5e70d851d 1368163 setuptools_78.1.1.orig.tar.gz cf74bf9817f5eba7bc9bfcfbdce16ec57ba89c38280e5004b97e7caa9e1c9361 15532 setuptools_78.1.1-0.1.debian.tar.xz 5ec0fc01762b9d227d1afef9f816c4aa0c4f98d0cd0083d727072a6a64f65bc8 8629 setuptools_78.1.1-0.1_amd64.buildinfo Files: ccd15c5e3aa5e150002c2612e29fb075 2843 python optional setuptools_78.1.1-0.1.dsc ce1332cf70b71d9a481ff5a9cd3ff7df 1368163 python optional setuptools_78.1.1.orig.tar.gz ca2c4903e55e73eca2a6c2ae6082fc11 15532 python optional setuptools_78.1.1-0.1.debian.tar.xz f9c8c9b11b25c5e7201c6f92ca796082 8629 python optional setuptools_78.1.1-0.1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEE2EfGJRCpwv8kLOAs1gShxII+4PgFAmg1w3wACgkQ1gShxII+ 4Pg3YyAAgtbIVLrhI0MczGCZUaa/A7EMecAjC0/pGj/zSR01/9DEAAmOymvB+FSB IlJvgcoUOQFUp45kwjmMXea65PLsoCxToElzQFOsT8YeOtJoCwkoXoHkKxBNBd7G w0onJB44iL1xYUJnwteEyf7zPx4j6mtm+mhxpJbH00qQExmzTvafa7V2uda37Jan ymFQ+Synx0lD1evrXGPSumh0RPgprXW7aKn/VmzENOkF1ww0orinxr4MESQ4adnp CN9HPegtAMWY1OuIXuqNm9Y9s4gzBESB0OrZT3COzDq0/Xo9nom4VAohSleIaYrr ls7udUaHt+KcjrlOuZjoF9lbGxFSGuMYmHGdn1AbS58+Q2oe+AJPBwV3kZwRhZey 3XA3BIAMWezHj0Fe8+ZjSm+QI8IRrLvjJlFBG1d+lXddeJCBQK1wrqQhNaK+3Tyj 2W4/YbGxhXjCo27yx1KbftbnZizcvH5azY2bjf65cTm6Ld7wfKPReeloycAHPrKt 6Aqplj+QWNeliKJJWeDSs5R0oc8gYpeUEF2TOtg0fVa6fdnikfoaEj8dowrgjWXJ XJtkW8lG/7+l+qp6MCxb6dIGz6fWasK0baU95rRf5/T5CBUVU1dTU6Uxxt7rD/Ic H04kFvPUt0cc7waoZYnAz+iMRS+Xv32OuMXb70iDEQcWKGWcnGaIDnUtWc1MYdGU 691pzq9d6fDosKnvuvEtAPGVvBoNe4GXPojMDEkQYJxhKXUwxZwBOHh2kEZ6R1Rn MJn72UvcEgST0Yu6cOebblLeZ+psVHbISI6ZwyoSJGeZo/Hrr5/y5hLx0NZ7XFWt WcGdsmoPOD9207ffBXvzxOkPXPMU9aN1bZEptkIdVF3FerFa6a0vKp0uthyEpto4 bVBwKtJ9dMlnE0o1antjszIC+Kg+5Fd+pKRdo3UGTv/h+Y+nNYinOExGuy+K9L3Q KotPB3/g/NafZveK54qEk0/9SFVlhRl9cXsIU6svcv+WrEj2X1FkcOIEDLLwUi9a 5vH+QFb7S01jb6C7JiKl16d+DS6gnk+XYzb4VHAm1RVX0xeOqEfsA/K2qx6IU+iN pxgP5KH1/pNM0OHo4rL1FbMKAyvrg/9cKQ4o4TgmklZ2dlDttshRbOY5AlW8nwQe fGjiyXVeV/8X5UuOW0hNh9y1ZIQmTFcm5Nh0M1U68UCqEl7jFEvpUSL9MKc7zjp7 BWivHFb3xgZXYS11+EZq1QJKOu88hUanI60F1rFrJATup7sLZCKgPQjObBZAkof2 9GJLR3DiadidC4KdiOHLxjz00g6pUaYC5tVZrOeN4DC8yDy54cq6AiL69EQa4gAm frr5xTIT7ns6nUizTPqD9mn5F+0CTw== =ojeB -----END PGP SIGNATURE-----