Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted python-pip 26.1.1+dfsg-1 (source) into unstable
Date: Sat, 23 May 2026 23:50:32 +0000
Signed by: Stefano Rivera <stefanor@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 23 May 2026 17:14:10 -0400
Source: python-pip
Architecture: source
Version: 26.1.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Stefano Rivera <stefanor@debian.org>
Closes: 1134492 1135110
Changes:
 python-pip (26.1.1+dfsg-1) unstable; urgency=medium
 .
   * New upstream release.
     * Fixes CVE-2026-3219, potential archive type confusion.
       (Closes: #1134492)
     * Fixes CVE-2026-6357, potentially importing modules after installing them
       (Closes: #1135110)
   * Refresh patches.
   * Update copyright.
Checksums-Sha1:
 4d249d3fc849ad8f728cf7285ca0695d482deb85 1857 python-pip_26.1.1+dfsg-1.dsc
 fdcb77f2fb3b7c72a8d61200f0539ec7c31261a3 1120360 python-pip_26.1.1+dfsg.orig.tar.xz
 203197a49ba429aa1cef94f4226734fe9d184848 22012 python-pip_26.1.1+dfsg-1.debian.tar.xz
 0500632928d14ca0437b8a91979b6b05ea111aa4 6726 python-pip_26.1.1+dfsg-1_source.buildinfo
Checksums-Sha256:
 fc0ac4c515ee22c9273fc703b18c227e613feced6eea6b56f46b2cc2053970af 1857 python-pip_26.1.1+dfsg-1.dsc
 d31499a6cfaddf63e81b871acbb5791244fe59905f5458c02e2efa437ebfeecc 1120360 python-pip_26.1.1+dfsg.orig.tar.xz
 d4fbdbdfa0928156c58eebfab08f457c9626e8005e965581b696e42399a0a900 22012 python-pip_26.1.1+dfsg-1.debian.tar.xz
 491a0d84fec7e8b0df44e8a7893ab5b4dffe1f1eb6db09397360462c8a6a1492 6726 python-pip_26.1.1+dfsg-1_source.buildinfo
Files:
 216a5c09a6dbf33c5de24158bb17fd6b 1857 python optional python-pip_26.1.1+dfsg-1.dsc
 0f360e64c29bbb54c65677bf55fe8fe8 1120360 python optional python-pip_26.1.1+dfsg.orig.tar.xz
 bea86ba153917b1e2fb75de03db308f6 22012 python optional python-pip_26.1.1+dfsg-1.debian.tar.xz
 452e3d7fe07542e9523630350f7e2468 6726 python optional python-pip_26.1.1+dfsg-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCahI44RQcc3RlZmFub3JA
ZGViaWFuLm9yZwAKCRBHew2wJjpU2GGEAP41V0aicYpQ9qZkq0yi0Ep634oMgW/7
JwSxCuJzmiLYdQEAo38cuOlPEjdfqzLlPx/3OkauQ5pwqKA3l+7o86aHlA0=
=ukBP
-----END PGP SIGNATURE-----

News for package python-pip