-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 08 Apr 2026 08:58:00 +0700
Source: python3.11
Architecture: source
Version: 3.11.2-6+deb12u7
Distribution: bookworm
Urgency: medium
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Arnaud Rebillout <arnaudr@debian.org>
Changes:
 python3.11 (3.11.2-6+deb12u7) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Apply upstream patches for the following CVEs:
     - CVE-2025-4516: issue in bytes.decode("unicode_escape",
       error="ignore|replace")
     - CVE-2025-6069: quadratic complexity in html.parser.HTMLParser
     - CVE-2025-6075: performance degradation in os.path.expandvars()
     - CVE-2025-8194: infinite loop and deadlock in tarfile
     - CVE-2025-8291: incorrect ZIP64 End of Central Directory handling
     - CVE-2025-11468: Folding email comments of unfoldable characters
       didn't preserve parenthesis which could be abused.
     - CVE-2025-12084: quadratic complexity in xml.dom.minidom appendChild etc
     - CVE-2025-13836: OOM or other DoS due to incorrect Content-Length
       handling in http.client
     - CVE-2025-13837: OOM or other DoS due to incorrect data size handling
       in plistlib
     - CVE-2025-15282: User-controlled data URLs parsed by urllib allowed
       injecting headers through newlines in the data URL mediatype.
     - CVE-2026-0672: User-controlled cookie values and parameters could be
       used to inject HTTP headers into messages.
     - CVE-2026-0865: User-controlled header names and values containing
       newlines could be used to inject HTTP headers.
     - CVE-2026-1299: email module allowed header injection in the
       BytesGenerator class.
Checksums-Sha1:
 852125486d3a3bd6abb56da867bb2dc8c8a2b332 3805 python3.11_3.11.2-6+deb12u7.dsc
 011719dcb9f56df8fbcafac3b97c8b45a68039e4 271912 python3.11_3.11.2-6+deb12u7.debian.tar.xz
 0dc813b117b396a8fbe54123a3a477efcc418fb8 6399 python3.11_3.11.2-6+deb12u7_source.buildinfo
Checksums-Sha256:
 f903552a9de67adea73f9a3cd33abd44aa5aff50f25744b78954ac624f031022 3805 python3.11_3.11.2-6+deb12u7.dsc
 7d937f4407a8b51ef14ed48097dc442605a8e048eacf6f0ada8a6938f6dea0ea 271912 python3.11_3.11.2-6+deb12u7.debian.tar.xz
 f16152db07cc7c1edb89971e966ad122d0f36f95a1bde76ee60db30d8d1bd2c9 6399 python3.11_3.11.2-6+deb12u7_source.buildinfo
Files:
 40abdf6bbbfbf93f0884cc14aa0aa893 3805 python optional python3.11_3.11.2-6+deb12u7.dsc
 da7f8296eb60f4f14e659c0854fccf39 271912 python optional python3.11_3.11.2-6+deb12u7.debian.tar.xz
 e28b45dcf5f60385aa9a4691c66d46f2 6399 python optional python3.11_3.11.2-6+deb12u7_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEE0Kl7ndbut+9n4bYs5yXoeRRgAhYFAmnVtwYTHGFybmF1ZHJA
ZGViaWFuLm9yZwAKCRDnJeh5FGACFt7WD/4uB42bE4kl2k4/4U96DPQUNXBzdM9P
uMRsZhX1gkhdmqiMGOGPLbmQl8sbtBGiObep2GjZ4lenMSE8FxPdOpeOFcc6CcLu
bGLJNvMNn+VWcPm0EggnyWg6vAGnBIScVCm41a5e4Zh+JKh0wR0EtZ/IqzWR/jjn
6Fp1GdNmU0xiJ8d4RtzCQ3N+D/X26J9f6cOdqNLrBGmiIgChhNZosMXherGu/92G
PEy5ugJBPWCS7ffAyA0mrEcggZXdWLotRQrJbqF1LHxBt8MXHVtX1K+nEPsWIq0G
wTboAEtlYHNb2ssjeFa5KP0zvXNW1pWctCombaZmmU/d1tSxu1cChEsFBXUcZfgn
LpPDn3qoSeD/xn0fkfqfB8r3/DhKY+u0uMto4CVRu+Ms7skSF37nhFTPdkSXRHqU
WnQfa1E84iULa2zvcAjlBADVe6SD4efc2Eo8XtfIw/vIzwf1J+reMd6/19ls1NsU
30C7jlgDIOaEKcTf1b7EhUJFgFltUwIxMkoHZbYi74TLcaojebColfA//6BW3QQz
4Yo4PbsvGUoRC92pLffshksZLN/1no3PMFgKG820ln6f7IPxFeRiBvf3ooBty/sE
btpEO71rYAVCfYGyYGsBriLG/Ya9Hm/lSvZfRcHbN5yax4sKuKX1Nv+q4RhpjABX
Xj9drRURm2vM3w==
=1WXj
-----END PGP SIGNATURE-----