CVE-2025-0938:
The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
CVE-2025-0938:
The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
vcswatch reports that
there is an error with this package's VCS, or the debian/changelog file inside
it. Please check the error shown below and try to fix it. You might have
to update the VCS URL in the debian/control file to point to the correct
repository.
changelog package python3.13 does not match source python3.12
Lintian reports
3 errors
and
19 warnings
about this package. You should make the package lintian clean getting rid of them.
debian/patches: 1 patch with invalid metadata, 17 patches to forward upstream
high
Among the 33 debian patches
available in version 3.12.8-5 of the package,
we noticed the following issues:
1 patch with
invalid metadata that ought to be fixed.
17 patches
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.
AppStream hints: 1 error and 1 warning for idle-python3.12high
![[bug history graph]](https://qa.debian.org/data/bts/graphs/p/python3.12.png){kind=link}