Format: 1.8
Date: Tue, 03 Feb 2026 18:32:37 -0400
Source: python-pip
Architecture: source
Version: 26.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Stefano Rivera <stefanor@debian.org>
Closes: 1126875
Changes:
 python-pip (26.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fixes CVE-2026-1703, a path-traversal attack when extracting malicious
       wheels. (Closes: #1126875)
   * Refresh patches.
   * Bump copyright years.
   * Bump Standards-Version to 4.7.3, drop Priority: optional.