Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted pypy3 7.3.5+dfsg-2+deb11u5 (source) into oldoldstable-security
Date: Fri, 31 Oct 2025 07:20:27 +0000
Signed by: Andrew Shadura <andrewsh@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 31 Oct 2025 08:04:59 +0100
Source: pypy3
Architecture: source
Version: 7.3.5+dfsg-2+deb11u5
Distribution: bullseye-security
Urgency: medium
Maintainer: Stefano Rivera <stefanor@debian.org>
Changed-By: Andrej Shadura <andrewsh@debian.org>
Changes:
 pypy3 (7.3.5+dfsg-2+deb11u5) bullseye-security; urgency=medium
 .
   * Apply security patches for CVEs in the standard library:
      * CVE-2024-6232: TarFile header parsing was vulnerable to ReDoS
      * CVE-2024-6923: The email module didn’t properly quote newlines for
        email headers allowing injections.
      * CVE-2024-7592: HTTP cookie parser incorrectly processed backslashes
        resulting in excessive CPU usage.
      * CVE-2024-11168 and CVE-2025-0938: Process square brackets in URLs
        according to RFC 3986.
      * CVE-2025-1795: Separating comma could be Unicode-encoded
      * CVE-2025-6069: html.parser.HTMLParser class had worse-case quadratic
        complexity when processing certain crafted malformed inputs
      * CVE-2025-8291: zipfile module did not check consistency of the zip64
        end of central directory record.
Checksums-Sha1:
 94b2c84df66b4aabb18f4c3fd0f816c9d0a1e78c 2200 pypy3_7.3.5+dfsg-2+deb11u5.dsc
 0f40fd6182bfbf4a872d031e7b2ee7df3bb19090 92556 pypy3_7.3.5+dfsg-2+deb11u5.debian.tar.xz
 8fd9eaecd2fc550b820c3c37bf17aa4dfefba41b 8879 pypy3_7.3.5+dfsg-2+deb11u5_source.buildinfo
Checksums-Sha256:
 a3c28e7ac986a27f8ad4fe08222b913dadf03b35b40f6afce7f45efc1846d19e 2200 pypy3_7.3.5+dfsg-2+deb11u5.dsc
 afd3fc6ea4ea821fdb4a298237fe6b6358fd4f22142341a1929ad7fd32985b00 92556 pypy3_7.3.5+dfsg-2+deb11u5.debian.tar.xz
 62e1de5bc0116ffb9796ba2d6fb4ff575662f9e504960f95c46ecaa7b657a5c4 8879 pypy3_7.3.5+dfsg-2+deb11u5_source.buildinfo
Files:
 913270f1e2e3f21400aec3fe26305bbd 2200 python optional pypy3_7.3.5+dfsg-2+deb11u5.dsc
 6e16baf0e3aaa68c133e6b256d01cac1 92556 python optional pypy3_7.3.5+dfsg-2+deb11u5.debian.tar.xz
 0c4d48040440f511ef665c9038a0421e 8879 python optional pypy3_7.3.5+dfsg-2+deb11u5_source.buildinfo

-----BEGIN PGP SIGNATURE-----

wr0EARYKAG8FgmkEYAIJEOhEa0rIx3JhRxQAAAAAAB4AIHNhbHRAbm90YXRpb25z
LnNlcXVvaWEtcGdwLm9yZ6Zz/DIJ+moyMcKD5Tm8Oid1onvFppiYBA4rnlsASdYM
FiEEg9zRf0SyLMg2Vu2h6ERrSsjHcmEAAPSaAQCSivHI5HOqELtXVksRXyA3CBz2
IJnjHv0z1CR9XbF63AD/QBQ435GwyCrny4Ok9dfiX/CQXUJ4+QWbhww0RcW+RA8=
=mamS
-----END PGP SIGNATURE-----

News for package pypy3