-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 02 Jun 2026 18:37:59 -0400 Source: python-pip Architecture: source Version: 26.1.2+dfsg-1 Distribution: unstable Urgency: high Maintainer: Debian Python Team <team+python@tracker.debian.org> Changed-By: Stefano Rivera <stefanor@debian.org> Closes: 1138220 Changes: python-pip (26.1.2+dfsg-1) unstable; urgency=high . * New upstream point release. - Fixes: CVE-2026-8643: Rejects entry point names that escape scripts dir (Closes: #1138220) Checksums-Sha1: 780eda2a91bc01938d64b0cd3ceffeb2d37d01c8 1857 python-pip_26.1.2+dfsg-1.dsc e27ab8591331c4d91cf737b4bc20b9dd28fe107b 1121136 python-pip_26.1.2+dfsg.orig.tar.xz 9ab69a60082961b96b5549bd8e91b3791e161767 22084 python-pip_26.1.2+dfsg-1.debian.tar.xz f1602152623f5caae9f8889c8d3fbe11c2512761 6717 python-pip_26.1.2+dfsg-1_source.buildinfo Checksums-Sha256: 6dc938fa1aa236e06c8c2dc2752f0044adb886edd42dbea02662152f0cbff356 1857 python-pip_26.1.2+dfsg-1.dsc 5c151b799b9bae833ccebb1e5308b9d18707ce7ba4a224f648d0bf4853ac0fb9 1121136 python-pip_26.1.2+dfsg.orig.tar.xz a878f1abf804d45efcdff8f8adc56da5d79c5ecc6e3cc27ac55fa145c52916f0 22084 python-pip_26.1.2+dfsg-1.debian.tar.xz 5ef66e0452316995a6b23163df80c9087c2d7a8786492699aa22a67eb8cd0aa7 6717 python-pip_26.1.2+dfsg-1_source.buildinfo Files: 43e44bfb866fa15638a43a83a16f1a6b 1857 python optional python-pip_26.1.2+dfsg-1.dsc abb678d36284b2c5935f430d3bf40671 1121136 python optional python-pip_26.1.2+dfsg.orig.tar.xz ac36c0a332e2626dc7d83dbe6bdd1ff1 22084 python optional python-pip_26.1.2+dfsg-1.debian.tar.xz afbcfc0d649fdf8cd4e654f8d20fd83d 6717 python optional python-pip_26.1.2+dfsg-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCah9/vxQcc3RlZmFub3JA ZGViaWFuLm9yZwAKCRBHew2wJjpU2AuJAP4gLl3ezplskqlbKJhQA6RltGXufgX0 J0IZ70am3ukQkQEA02tvnOY2eKU2LGQCeeKsFzyirD0b+yF4ycqOG7MIiAk= =e4h7 -----END PGP SIGNATURE-----
