Format: 1.8
Date: Fri, 06 Feb 2026 00:37:49 +0000
Source: python-urllib3
Architecture: source
Version: 2.6.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 1122029 1122743
Changes:
 python-urllib3 (2.6.3-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release:
     - CVE-2025-66471: Fixed a security issue where streaming API could
       improperly handle highly compressed HTTP content ("decompression
       bombs") leading to excessive resource consumption even when a small
       amount of data was requested. Reading small chunks of compressed
       data is safer and much more efficient now (closes: #1122029).
     - Fixed HTTPResponse.read_chunked() to properly handle leftover data
       in the decoder's buffer when reading compressed chunked responses
       (closes: #1122743).
   * Bump Build-Depends/Suggests on python3-brotli to >= 1.2.0 to improve
     the fix for CVE-2025-66418.
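
Added example, not part of the upload and not urllib3's or Debian's code: the resource problem described for CVE-2025-66471, shown with Python's standard zlib module. It contrasts a reader that inflates everything it has received before returning a small chunk with one that caps decoder output per read. The names read_unbounded, BoundedInflater and drain are hypothetical, and the compressed input is constructed inline.

```python
import zlib

# Constructed sample input: 8 MiB of zero bytes, which deflate shrinks to a few KiB.
PLAIN_SIZE = 8 * 1024 * 1024
COMPRESSED = zlib.compress(b"\x00" * PLAIN_SIZE, 9)


def read_unbounded(compressed, amt):
    """Weak pattern: inflate all received input, then hand back `amt` bytes.

    Returns (bytes given to the caller, bytes left held in memory)."""
    buffered = zlib.decompressobj().decompress(compressed)  # no output limit
    return buffered[:amt], max(0, len(buffered) - amt)


class BoundedInflater:
    """Hardened pattern: each read() inflates at most `amt` bytes."""

    def __init__(self, compressed):
        self._decoder = zlib.decompressobj()
        self.pending = compressed  # compressed input not yet consumed

    @property
    def eof(self):
        return self._decoder.eof

    def read(self, amt):
        if amt <= 0:
            raise ValueError("amt must be positive (zlib treats 0 as unlimited)")
        out = self._decoder.decompress(self.pending, amt)  # max_length=amt
        self.pending = self._decoder.unconsumed_tail
        return out


def drain(inflater, amt):
    """Read the whole stream in `amt`-sized steps; return (total, largest chunk)."""
    total = peak = 0
    while not inflater.eof:
        chunk = inflater.read(amt)
        if not chunk and not inflater.pending:
            break  # truncated stream: nothing left to feed the decoder
        total += len(chunk)
        peak = max(peak, len(chunk))
    return total, peak


if __name__ == "__main__":
    data, held = read_unbounded(COMPRESSED, 1024)
    print(f"unbounded: returned {len(data)} B, held {held} B in memory")
    print("bounded:   total/peak =", drain(BoundedInflater(COMPRESSED), 1024))
```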