-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 22 Apr 2026 17:04:23 -0300 Source: python-flask-httpauth Architecture: source Version: 3.2.4-3.1+deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Martín Ferrari <tincho@debian.org> Changed-By: Emmanuel Arias <eamanu@debian.org> Closes: 1132581 Changes: python-flask-httpauth (3.2.4-3.1+deb11u1) bullseye-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * d/patches/CVE-2026-34531.patch: Add patch for CVE-2026-34531. - Flask-HTTPAuth can invoke the application's token verification callback function with the token argument set to an empty string and this will return. If the application had any users in its database with an empty string set as their token, then it could potentially authenticate the client request against any of those users (Closes: #1132581). * d/salsa-ci.yml: Enable salsa-ci. Checksums-Sha1: d7042ce76d7cd3c6838c3b791a6dca29594ce208 2248 python-flask-httpauth_3.2.4-3.1+deb11u1.dsc 427fbf72584d8d779c9cf1b7fb44310de1b072a3 32708 python-flask-httpauth_3.2.4.orig.tar.gz 42258c9917b427133eb8f802270a11cb9d730744 6124 python-flask-httpauth_3.2.4-3.1+deb11u1.debian.tar.xz 9c1a7a7abafa89d4f404984c4ac0627d58db0e7c 6938 python-flask-httpauth_3.2.4-3.1+deb11u1_source.buildinfo Checksums-Sha256: d8de1c43cd7e5a4af730b497e68a1257987b6702008d8115264af00adefbd3e8 2248 python-flask-httpauth_3.2.4-3.1+deb11u1.dsc 8933f89939871d7ca535ff36a29fae62f381ccd9d5e33ce43b7e7f6338641c34 32708 python-flask-httpauth_3.2.4.orig.tar.gz f941b014cd9182df5df9762e38f9c4ead3207ad1326104615106a4252b6e400f 6124 python-flask-httpauth_3.2.4-3.1+deb11u1.debian.tar.xz 695ac805347e1fa7528c51ec1e7d7e94d30659d514de060aaad550a9f04b38af 6938 python-flask-httpauth_3.2.4-3.1+deb11u1_source.buildinfo Files: 9766a256309a65fefb51100855e3b397 2248 python optional python-flask-httpauth_3.2.4-3.1+deb11u1.dsc 2e763c7888c99d25bea3042c3b75e43f 32708 python optional python-flask-httpauth_3.2.4.orig.tar.gz f89bb135be0132d46536a592a22615ac 6124 python optional python-flask-httpauth_3.2.4-3.1+deb11u1.debian.tar.xz 193692b8a8faec0ca867cbf25ec4202b 6938 python optional python-flask-httpauth_3.2.4-3.1+deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEE3lnVbvHK7ir4q61+p3sXeEcY/EFAmoYLzUSHGVhbWFudUBk ZWJpYW4ub3JnAAoJEPqd7F3hHGPxECAP/jj1aO44Jtm7X6kq7wzegLcJ8tmOnACw WGq9m43EApWBc+YdwkuY5yjkXP/SccIZlS2O13ptscnnXZYWd6FMNgptER72z0WD bjkX9mBdmoB2CJ/iRn9Yzf3lxK0ahDwJ17OHfyCN09itL9JuIGR4C+q841oYjXR0 JWnU/vI+Edq0TGM4Ns2z2J9g3B/I1te1QwLZL6XKQUCCMNgeOxurPHzjXXxfLNwj OS2jWhYEiVkzitjBHsVxFyJo0vuzfhw0WGTIqtOzd4ngjgGpwGtrpbGSsBYjyXTV Pry1wiNeWiYvdOtT+bpuGQhdsiVxWTQDJJrVyMwimFsI3wx+otAMkA2ixk7F1cuw QgT8/1ulS+5b2sbCmUXG8qCL6q8Hg1a7SEZEn6q/jOJ3jwLhCwGr6bjLrjPO60QG HA/uYBREbwB5fotvBMa5m7WBLc23pesTDe1qyd68WnBTQt/BSBcDw/6SPT+oCzH7 24BptOda5Z2qbyrBoNeUdSWxunjcjzGXJUq10JD2p77kU1NT2PTFxwTq1giOQhZ5 gcdHW0FxDSJ6qc+zOeNYu5dRFnzaKi4JeBr8eR2XE7UuP/x1stnJ2FxQ9i4jl1fy 6j7vrmZgCC7o1S8xHPg2XD6igJy7oWXkpxXLRByTvYPuy5QetAaSuDWsw9TJFgQr uNbvO0GDi1LW =luDX -----END PGP SIGNATURE-----
