-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 08 Apr 2026 08:58:00 +0700
Source: python3.11
Binary: libpython3.11 libpython3.11-dbg libpython3.11-dev libpython3.11-minimal libpython3.11-stdlib python3.11 python3.11-dbg python3.11-dev python3.11-full python3.11-minimal python3.11-nopie python3.11-venv
Architecture: i386
Version: 3.11.2-6+deb12u7
Distribution: bookworm
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) <buildd_amd64-x86-ubc-02@buildd.debian.org>
Changed-By: Arnaud Rebillout <arnaudr@debian.org>
Description:
 libpython3.11 - Shared Python runtime library (version 3.11)
 libpython3.11-dbg - Debug Build of the Python Interpreter (version 3.11)
 libpython3.11-dev - Header files and a static library for Python (v3.11)
 libpython3.11-minimal - Minimal subset of the Python language (version 3.11)
 libpython3.11-stdlib - Interactive high-level object-oriented language (standard library
 python3.11 - Interactive high-level object-oriented language (version 3.11)
 python3.11-dbg - Debug Build of the Python Interpreter (version 3.11)
 python3.11-dev - Header files and a static library for Python (v3.11)
 python3.11-full - Python Interpreter with complete class library (version 3.11)
 python3.11-minimal - Minimal subset of the Python language (version 3.11)
 python3.11-nopie - Python interpreter linked without PIE (version 3.11)
 python3.11-venv - Interactive high-level object-oriented language (pyvenv binary, v
Changes:
 python3.11 (3.11.2-6+deb12u7) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Apply upstream patches for the following CVEs:
     - CVE-2025-4516: issue in bytes.decode("unicode_escape",
       error="ignore|replace")
     - CVE-2025-6069: quadratic complexity in html.parser.HTMLParser
     - CVE-2025-6075: performance degradation in os.path.expandvars()
     - CVE-2025-8194: infinite loop and deadlock in tarfile
     - CVE-2025-8291: incorrect ZIP64 End of Central Directory handling
     - CVE-2025-11468: Folding email comments of unfoldable characters
       didn't preserve parenthesis which could be abused.
     - CVE-2025-12084: quadratic complexity in xml.dom.minidom appendChild etc
     - CVE-2025-13836: OOM or other DoS due to incorrect Content-Length
       handling in http.client
     - CVE-2025-13837: OOM or other DoS due to incorrect data size handling
       in plistlib
     - CVE-2025-15282: User-controlled data URLs parsed by urllib allowed
       injecting headers through newlines in the data URL mediatype.
     - CVE-2026-0672: User-controlled cookie values and parameters could be
       used to inject HTTP headers into messages.
     - CVE-2026-0865: User-controlled header names and values containing
       newlines could be used to inject HTTP headers.
     - CVE-2026-1299: email module allowed header injection in the
       BytesGenerator class.
Checksums-Sha1:
 c0c563ccbe94713c777504d948e333bd7a87e248 15667468 libpython3.11-dbg_3.11.2-6+deb12u7_i386.deb
 ea07b389b6a651020720b5e2f121f8a1b70fcf48 4912516 libpython3.11-dev_3.11.2-6+deb12u7_i386.deb
 7dac3560fb4d5189927bfba29d14280fabb8486a 817804 libpython3.11-minimal_3.11.2-6+deb12u7_i386.deb
 af5f1307ff358fa61053ca51b02e4555e6b12cad 1801592 libpython3.11-stdlib_3.11.2-6+deb12u7_i386.deb
 63f884322b919204c7c21e2474a8c232010e0202 2012620 libpython3.11_3.11.2-6+deb12u7_i386.deb
 3454b4172faf45399cb60ac03f03b0a9493f88a6 34861984 python3.11-dbg_3.11.2-6+deb12u7_i386.deb
 f7c41305723e8bc182b503b0241e7bafff28c0a3 616544 python3.11-dev_3.11.2-6+deb12u7_i386.deb
 5d76f83cac91b70a908d55ad37462760f8722ccf 1292 python3.11-full_3.11.2-6+deb12u7_i386.deb
 e5d96c7e1153dca8c06f127e331ac6604f0beeef 2130088 python3.11-minimal_3.11.2-6+deb12u7_i386.deb
 cbda689a89b7dd53d720a214fd0bed062de4c225 2119584 python3.11-nopie_3.11.2-6+deb12u7_i386.deb
 73822f315bf7de51818fdb14bce75a0c1c84eaed 5892 python3.11-venv_3.11.2-6+deb12u7_i386.deb
 10f35b5a1218f9823416537076c912386277a7c8 13532 python3.11_3.11.2-6+deb12u7_i386-buildd.buildinfo
 324ce300cebfb5cc7547d27b49e4bccc5d27c99c 573816 python3.11_3.11.2-6+deb12u7_i386.deb
Checksums-Sha256:
 9841aef1bcba76204c8ab54124ea40780ceaed69c98aff9e5a9cbac63974e264 15667468 libpython3.11-dbg_3.11.2-6+deb12u7_i386.deb
 d0f25bc2e509a23c47a9f4205b72a5c9d3cfbb3cdbc84fff76a8b6d60e0ea5cf 4912516 libpython3.11-dev_3.11.2-6+deb12u7_i386.deb
 44d99bdb7df2455337e09e212551845e03dda264ef1eedf02f101e9858d1d1ce 817804 libpython3.11-minimal_3.11.2-6+deb12u7_i386.deb
 c416c8c1ea6756da16c0f8166d364ec6619f058d5908e4e6c25b9e50ed168067 1801592 libpython3.11-stdlib_3.11.2-6+deb12u7_i386.deb
 7b8f51f8d143e4b4df9cb8ffaa492e9e3e5d13ca699d793f1f4f47ba9c92af5d 2012620 libpython3.11_3.11.2-6+deb12u7_i386.deb
 07806e4db9d34357b6d8a1d189bf506a4693c63906d4815fbd419d8473b3cb8b 34861984 python3.11-dbg_3.11.2-6+deb12u7_i386.deb
 c5c1d45d19a89d5bce8497cb4f523bcd8e1f25e2b7739b83a9596489ec198faa 616544 python3.11-dev_3.11.2-6+deb12u7_i386.deb
 11d6bc1fe56ffa34be785b586b7d6a4adf45d9b81d6ef1137cc60a380f71d4bb 1292 python3.11-full_3.11.2-6+deb12u7_i386.deb
 e34c83988fbfc8fc109a4dc911ad7ea46439b2fbb471891e864d2954758ab12c 2130088 python3.11-minimal_3.11.2-6+deb12u7_i386.deb
 231339c558e8568b81d816c14d792d1dfcdb43ecefb84ef293da2106a658760f 2119584 python3.11-nopie_3.11.2-6+deb12u7_i386.deb
 57987a66e695a090065e55083e795fb647984e2fdc5e07c1cdfc969223d37646 5892 python3.11-venv_3.11.2-6+deb12u7_i386.deb
 31cb24bcd1e02e6e1aec13196192e5e5e154e65dbe34bc5ac27386af9b69a84e 13532 python3.11_3.11.2-6+deb12u7_i386-buildd.buildinfo
 59a9076e0ffd4a374ef11c89b28dc5119113817a3d4acb1aef270a6ccb0a7052 573816 python3.11_3.11.2-6+deb12u7_i386.deb
Files:
 f2f28b4891e35dd64db3f58bdd99a5be 15667468 debug optional libpython3.11-dbg_3.11.2-6+deb12u7_i386.deb
 421aa4ac4f7119f9cfef5b184081afed 4912516 libdevel optional libpython3.11-dev_3.11.2-6+deb12u7_i386.deb
 d5c786b87037678081ee3c82bbbeda75 817804 python optional libpython3.11-minimal_3.11.2-6+deb12u7_i386.deb
 d71ed0ea87c90a3ebf59223654356238 1801592 python optional libpython3.11-stdlib_3.11.2-6+deb12u7_i386.deb
 fdb25d7843de47070c8131ad78e6b658 2012620 libs optional libpython3.11_3.11.2-6+deb12u7_i386.deb
 f61ca13a1a694b8a68072b3a34cb6312 34861984 debug optional python3.11-dbg_3.11.2-6+deb12u7_i386.deb
 6adf08d29c71a03ed2d45cd442cfbc24 616544 python optional python3.11-dev_3.11.2-6+deb12u7_i386.deb
 54a4b06fcb2aaabc93f7c78f51678127 1292 python optional python3.11-full_3.11.2-6+deb12u7_i386.deb
 2bdce8ebd229ea8c820c84c1802796e1 2130088 python optional python3.11-minimal_3.11.2-6+deb12u7_i386.deb
 7d931e98d2f17fb80fc6055166ad6dd1 2119584 python optional python3.11-nopie_3.11.2-6+deb12u7_i386.deb
 f13297862ac878acf1e7e32c9557f8e3 5892 python optional python3.11-venv_3.11.2-6+deb12u7_i386.deb
 cc5c7e3496efd17868c30dc2f82b1908 13532 python optional python3.11_3.11.2-6+deb12u7_i386-buildd.buildinfo
 6eb7377e28cfd9fd0ddf73233d592dd9 573816 python optional python3.11_3.11.2-6+deb12u7_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEb5EwsJvHBEjqIJYIbheoBegwXLIFAmn2q4MACgkQbheoBegw
XLJrbw//frOmXHeJ0YCiqPkI0C1C8Yn5sqFA/Pt5HOBjsKwiK+zLCY19WndWKkYZ
dOk/JxQKeV6q5S+TfLcNfCBioh+i0SdRIvU1jjcj+upidqEYZumV7mfVLPoFGXtz
gVniHLWwpUT0YF5UmdellEN+v70PiHhU+MKMQ9cTEDm66g6kmWMieUHRPzMegnzm
JXSiwZIea3PAdoLPVajlqfeHcqj+P+gz3Lm+ZymbG8WJTOiBfTyzpAK81lyr0gq/
9OmfTsQbQ8WooF+wO/fOy6342XrGNVDv+iJWorvIRtaVqdQ+oD1r/ob8rM5BRhIO
BgTrTPlhyS0leIWmF/dieYrW+KzFE6ga2H3iQcKiSkXhiSPBAD6fluKbDnnCWKWY
4Wb0hh1vpyGPFO5qX1+KSJAD8K2Iu2cxjj6f/N8GfedvnVpyrbbxyvQFMtq9WwbZ
d9owtL9ikYKzejNumrl5ucajwyXXaat/XhQC04Q3WPh7uzlcB8tdTnIdiMXPxFK+
4PiY0Vl2dgxtJTrlwgSwtRJv9BxkR4/0xQSqfHpE86wgStEv1d9QvSx++Kfn4SGH
IiT9DiwOgwh+b22MPZidiD/8xF0EETjf9W5eaNTtllUg19DamJZplM1UZ/g93tML
DAEXRyVLb9bnTjeC/tsETJwUg0qafSO7lA8mz2EEY0mUomAjxSQ=
=Wl8m
-----END PGP SIGNATURE-----