Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted python-flask-httpauth 4.8.1-1.1 (source) into unstable
Date: Sun, 26 Apr 2026 21:18:04 +0000
Signed by: Emmanuel Arias <eamanu@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 21 Apr 2026 17:20:09 -0300
Source: python-flask-httpauth
Architecture: source
Version: 4.8.1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Martina Ferrari <tina@debian.org>
Changed-By: Emmanuel Arias <eamanu@debian.org>
Closes: 1132581
Changes:
 python-flask-httpauth (4.8.1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream version
   - Fix CVE-2026-34531: Flask-HTTPAuth can invoke the application's token
     verification callback function with the token argument set to an empty
     string and this will return. If the application had any users in its
     database with an empty string set as their token, then it could
     potentially authenticate the client request against any of those users
     (Closes: #1132581).
   * Standards-Version: 4.7.4 (routine-update)
   * d/control: Add furo as Build Depends.
Checksums-Sha1:
 0ebd656f33f3609192482ef943b8ceca25b65447 2274 python-flask-httpauth_4.8.1-1.1.dsc
 9d59d2bcfc254dd93c9708a958d7591647da4fb7 43750 python-flask-httpauth_4.8.1.orig.tar.gz
 1b4e0010cc50d72711a7cc5a36d042ace8ea6187 6012 python-flask-httpauth_4.8.1-1.1.debian.tar.xz
 d979341765a8766647f4f99294bd065fca149cee 8624 python-flask-httpauth_4.8.1-1.1_amd64.buildinfo
Checksums-Sha256:
 9a168eb4425f82350545916e0b1aed16dabdbff4c6943624fdda614da9fb08d7 2274 python-flask-httpauth_4.8.1-1.1.dsc
 ed90212959030a99f64543b08b58db3a3089bc3f6a098e01f4a70186ca1f580a 43750 python-flask-httpauth_4.8.1.orig.tar.gz
 67de87a9fdf9a6877ecf75f9019626df261a4369f1fd10e9bca9863b7ff2522a 6012 python-flask-httpauth_4.8.1-1.1.debian.tar.xz
 1475339b7f21f2af7d697d7c4f7f59db9ec28118b8cfc012f9471655e5fe45ab 8624 python-flask-httpauth_4.8.1-1.1_amd64.buildinfo
Files:
 2549b51f0ad7d5d4065cbda16dd626c3 2274 python optional python-flask-httpauth_4.8.1-1.1.dsc
 3a8f79b5ce56848b0030bed209338e28 43750 python optional python-flask-httpauth_4.8.1.orig.tar.gz
 fee1dce1c9496ef374fdd86ee83db949 6012 python optional python-flask-httpauth_4.8.1-1.1.debian.tar.xz
 066d5bd0dd91b5c4647e61e6790baa4e 8624 python optional python-flask-httpauth_4.8.1-1.1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEE3lnVbvHK7ir4q61+p3sXeEcY/EFAmnn3HASHGVhbWFudUBk
ZWJpYW4ub3JnAAoJEPqd7F3hHGPxvJcP/01ha7KqFgToTqKw7+MvIS+ChQLQ0sQD
XGXagFGG22yMrkq6Rhqafc3X1zFLEG5Y2lgC5DV6ENLmfn4cDCFcBoItIBB3GUTu
stpSDLW0XyAJFKyasDpG7VMGKek5iF5iRYJQxQ6YVuCQt/qQzB+/n+vwN7UCjEYO
BGMraJjYPaIUum3ahUCacOWMlxMo4i8ubKyrFgxnUzIgwx0dYHVwBOQQwZDAZQu8
qV/FZxmLdN9v7NwJ82uGIszrFP3kkQhEyxv/XFHPRnjj6GcM/j1I+tPDC1hQaqIr
SpmpLDzQPLi5h4yd5wCIotIMS/Goydf8H6tpKK1rAlLYfxWBHNFg99UMuxlNKtlL
Av1A95A2PCF2EfbLbNA0wYeQwdtCzomMSKf4RDFICq8is2ts7PJpdBVIBp4tkLkR
BB9LAeDIaxU8rtgmHL72/ygHLXz4nqUNtKjPV0F9MqxC52L/kVRmS7U+NnHu1My7
xFU40lxgR0nZR3ex1HsvskQ8g4erTH6YkxBWdhqKU8yVs7NZ3mVJt23x5gtorgh8
Kl5tw3U86BrKPdM9kvZIGqWBmkXJBg4347+Y38KQQca0ckDZ1YlanCOTxA5jklJv
MrKvstEKcp5rOpKIOULKYrZkCrYRRHWJzbrdHazf3o55dTBVIfGrvUCB/TY6iL8g
jga/wEKr9+Tr
=t7R1
-----END PGP SIGNATURE-----
News for package python-flask-httpauth
