-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 12 Jan 2026 22:53:55 +0100
Source: python-urllib3
Architecture: source
Version: 1.26.12-1+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1108076 1122030 1125062
Changes:
 python-urllib3 (1.26.12-1+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Redirects are not disabled when retries are disabled on PoolManager
     instantiation (CVE-2025-50181) (Closes: #1108076)
   * Unbounded number of links in the decompression chain (CVE-2025-66418)
     (Closes: #1122030)
   * Decompression-bomb safeguards bypassed when following HTTP redirects
     (streaming API) (CVE-2026-21441) (Closes: #1125062)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----