Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted python-urllib3 2.7.0-1 (source) into unstable
Date: Sun, 28 Jun 2026 17:10:02 +0000
Signed by: Colin Watson <cjwatson@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 28 Jun 2026 17:48:21 +0100
Source: python-urllib3
Architecture: source
Version: 2.7.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 1136654 1140427 1140932
Changes:
 python-urllib3 (2.7.0-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release:
     - CVE-2026-44432, CVE-2026-9375: Decompression-bomb safeguards bypassed
       in parts of the streaming API (closes: #1136654, #1140427).
     - GHSA-qccp-gfcp-xxvc: Sensitive headers forwarded across origins in
       proxied low-level redirects.
   * Don't parameterize tests using non-Collection iterables (closes:
     #1140932).
Checksums-Sha1:
 bdc98fc6d80d8ca75438e5accfeb40eb5d1ded73 3007 python-urllib3_2.7.0-1.dsc
 c57dd149bed207e691060def264da11e3508a0b0 433602 python-urllib3_2.7.0.orig.tar.gz
 dc5385e24d52a8f80bf9ba4d4fa7c4846257b8f1 38660 python-urllib3_2.7.0-1.debian.tar.xz
Checksums-Sha256:
 ad525911bd26220ccdfd61d16dc775cfce30308214bed9b9c4834a1441ac4b44 3007 python-urllib3_2.7.0-1.dsc
 231e0ec3b63ceb14667c67be60f2f2c40a518cb38b03af60abc813da26505f4c 433602 python-urllib3_2.7.0.orig.tar.gz
 5449700f4f5688181c73a6fdca4393ef5ad85019955f1f8459630ca83691dd88 38660 python-urllib3_2.7.0-1.debian.tar.xz
Files:
 efd40c01b6fc9854625309734d92ff2f 3007 python optional python-urllib3_2.7.0-1.dsc
 e79707b798a66c8165c9c441440f4e80 433602 python optional python-urllib3_2.7.0.orig.tar.gz
 206bb4386a118e25ba1e5ef07f19a846 38660 python optional python-urllib3_2.7.0-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmpBUIUACgkQOTWH2X2G
UAuUBhAArl/xOxFEn9+tscBTp5+8I4qEUj9G0atcR5air4xEWlM/qA8XcowSMLdJ
JfAWruEznXJ7wWxTDMRPneM0efzmjj6GAirde438DrEEbXuacOVLUswfocJOGLgk
6JYsjeLpLvk8LE9ojal0TRzxijGmsH3HPKCdY9ly8lr8miHqLCL9tAkICiJegz/C
Z36uas+3jn4e3x1j0S88IZfoE5teaoIOWJHTUovh+9UmeKnLhq/iCV1RDim5xJwl
n8SXiRk9SJmJybJSD2lR9LezTE572tIp1TCm7+cu93+OvYuQ3JmrVFl3KBPQ50wF
z/TJ8YXhR5X3BM+lydx8nzkcjFyU/i6zZeNGX1Krr/Wr3O8qFPWBMYzh900rn8zv
7KBw48hN+ZeHK6wp5bex716AXhDRhiPFK0dMh+ptqUOV1d99k4UEKD/iJzC4ZHcL
koHsUg6IZMqOFPlkibcpKoGTit8nJyO65AW8KuyTmPiEznLHETwxltXX20D5Kuam
8Ru1UTcYsssvI+KsxtkXlUhwU3Ut0H7iV3eKf2srwQT5Cgp0nOvJRM2J49FN2dwa
Uho/dMCi7FB9M3CwiIekDbKn43lu+cNYaKZjc5pjhRtnfoIUoZOfo9WNs4t0S84r
H873h95Rt1DxMBn1YdtJIFVWsTgxZ4XUUq0LGVLk0X5MT8aabpA=
=U8Ze
-----END PGP SIGNATURE-----

News for package python-urllib3