-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 12 Jan 2026 22:38:24 +0100 Source: python-urllib3 Architecture: source Version: 2.3.0-3+deb13u1 Distribution: trixie-security Urgency: high Maintainer: Debian Python Team <team+python@tracker.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1122030 1125062 Changes: python-urllib3 (2.3.0-3+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Unbounded number of links in the decompression chain (CVE-2025-66418) (Closes: #1122030) * Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API) (CVE-2026-21441) (Closes: #1125062) Checksums-Sha1: 3ddecfde0622806a87ba522dbbfa45218e1098f8 2936 python-urllib3_2.3.0-3+deb13u1.dsc aa97066e8f8f5c46679c94cce3cf1f83415daa7a 307268 python-urllib3_2.3.0.orig.tar.gz 1b1b84a6d7f7f61eeb37484af7a844783dbe9669 43752 python-urllib3_2.3.0-3+deb13u1.debian.tar.xz d11a728cc8611e46b3e42b772ca19763a874c490 7016 python-urllib3_2.3.0-3+deb13u1_source.buildinfo Checksums-Sha256: 5169eede61e71d428de69999784affa67fe9187f7b9f9e4cff198db002583935 2936 python-urllib3_2.3.0-3+deb13u1.dsc f8c5449b3cf0861679ce7e0503c7b44b5ec981bec0d1d3795a07f1ba96f0204d 307268 python-urllib3_2.3.0.orig.tar.gz 7064e18de5f32fadc087c1102ba60d5b0c4dca51cda753be31ced6410f8e71d0 43752 python-urllib3_2.3.0-3+deb13u1.debian.tar.xz 1abd3c99a1b4237bb813d6bb4f8966ff1cdc4830a9fde61143de6e92ebc6ffb8 7016 python-urllib3_2.3.0-3+deb13u1_source.buildinfo Files: 02733cd331b8d2ce0796adc7aaf2fc33 2936 python optional python-urllib3_2.3.0-3+deb13u1.dsc 6388afd062cf2e1ef27843738629dbc1 307268 python optional python-urllib3_2.3.0.orig.tar.gz 513c930ac99393aca91ab67c069680eb 43752 python optional python-urllib3_2.3.0-3+deb13u1.debian.tar.xz c56f6efc782dd7d2ca136bf04ff55f4e 7016 python optional python-urllib3_2.3.0-3+deb13u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmlmUH1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EtrYP+gOvNPPRjLjdf2kRQ+T/6fCZWOyxDKsR bhtIbngAnpX0K8zGyLPG6DFVjsg9Ufyw8+cpfaSlW6wRlGmSWXzc/5X/dqzr9K9J 75V34aebazDuFCWXATtCs7jjMNzJgPL1pJzwL4MQJlF+pdKQCtqEyYaOBj+ctJzZ MXeBzMdzEeUDjs+bZAiYZgdUdp6gEF+DoGY0XG2ukdr+WgRdOJ8i+IyFq5phbGz4 hthF1Wq+0/XohmbgwQPs/Sr9b7h1rwFFINGhKnD/sfSQehT8uc1IM0dlGfPAeU/E o3aDgRh6iHa1/lhvTCIimTNFLlRPFnYP1CI19YsrcbLy4CTTteYfbw/ba6oM1BEr i4TDKA0OHcXo91+roLVsuz6JjpJ3JxQciXOidbLzeZB8XjVXUab20h070SCFNsi4 pzh0v3XUmRC7KalEKZpVXkK4Bm5nIJN7YPKm6asAqT67qYh5TwfRdb0RBzywlNy7 ziUrq1gUxjNwuPCXs0MaWIB8GhMRJi4XE/zyhEBITzd5a8dlSf73YcQe4Jcax43N eGVe+E+9I72wZCdKFvHoqhylWeyhET4Q+8RHMxhd1svMIDyihnFgFSlwozNj6scm E0nV/rjdUftIHGJd5a8MftAxLcHktykDnh89fr6qTvR7gaChx3/ORL7LhLLh9qNI Mtu+c3raqvmS =TIe3 -----END PGP SIGNATURE-----
