Format: 1.8
Date: Sun, 28 Sep 2025 22:34:12 +0200
Source: python-internetarchive
Architecture: source
Version: 1.9.9-1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Antoine Beaupré <anarcat@debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Closes: 1114635
Changes:
 python-internetarchive (1.9.9-1+deb11u1) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2025-58438.patch: Add patch to fix CVE-2025-58438.
     - Fix a directory traversal (path traversal) vulnerability in the
       File.download() method due to not properly sanitizing user-supplied
       filenames or validating the final download path (closes: #1114635).
   * d/tests/control: Enable autopkgtest pytest-3 run.
Files:
 2433 python optional python-internetarchive_1.9.9-1+deb11u1.dsc
 132010 python optional python-internetarchive_1.9.9.orig.tar.gz
 17340 python optional python-internetarchive_1.9.9-1+deb11u1.debian.tar.xz
 8272 python optional python-internetarchive_1.9.9-1+deb11u1_amd64.buildinfo