-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 08 Apr 2026 08:58:00 +0700
Source: python3.11
Binary: idle-python3.11 libpython3.11-testsuite python3.11-doc python3.11-examples
Architecture: all
Version: 3.11.2-6+deb12u7
Distribution: bookworm
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) <buildd_amd64-x86-grnet-03@buildd.debian.org>
Changed-By: Arnaud Rebillout <arnaudr@debian.org>
Description:
 idle-python3.11 - IDE for Python (v3.11) using Tkinter
 libpython3.11-testsuite - Testsuite for the Python standard library (v3.11)
 python3.11-doc - Documentation for the high-level object-oriented language Python
 python3.11-examples - Examples for the Python language (v3.11)
Changes:
 python3.11 (3.11.2-6+deb12u7) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Apply upstream patches for the following CVEs:
     - CVE-2025-4516: issue in bytes.decode("unicode_escape",
       error="ignore|replace")
     - CVE-2025-6069: quadratic complexity in html.parser.HTMLParser
     - CVE-2025-6075: performance degradation in os.path.expandvars()
     - CVE-2025-8194: infinite loop and deadlock in tarfile
     - CVE-2025-8291: incorrect ZIP64 End of Central Directory handling
     - CVE-2025-11468: Folding email comments of unfoldable characters
       didn't preserve parenthesis which could be abused.
     - CVE-2025-12084: quadratic complexity in xml.dom.minidom appendChild etc
     - CVE-2025-13836: OOM or other DoS due to incorrect Content-Length
       handling in http.client
     - CVE-2025-13837: OOM or other DoS due to incorrect data size handling
       in plistlib
     - CVE-2025-15282: User-controlled data URLs parsed by urllib allowed
       injecting headers through newlines in the data URL mediatype.
     - CVE-2026-0672: User-controlled cookie values and parameters could be
       used to inject HTTP headers into messages.
     - CVE-2026-0865: User-controlled header names and values containing
       newlines could be used to inject HTTP headers.
     - CVE-2026-1299: email module allowed header injection in the
       BytesGenerator class.
Checksums-Sha1:
 e782b2189a1afa54af97abf16c719b01dd704d7b 357940 idle-python3.11_3.11.2-6+deb12u7_all.deb
 3b7e5f91add08561bdae6ead1ca23b5929258e0a 3373672 libpython3.11-testsuite_3.11.2-6+deb12u7_all.deb
 eaa799508ebfb07a06cfdcc294488ea6c6ea6fb2 12641356 python3.11-doc_3.11.2-6+deb12u7_all.deb
 86a0d65f006379cbdca0265241fa7bfc3396962b 798520 python3.11-examples_3.11.2-6+deb12u7_all.deb
 0d5581d61379f7ddb4b6722ec32618a40a186ec3 12565 python3.11_3.11.2-6+deb12u7_all-buildd.buildinfo
Checksums-Sha256:
 9e1e697a0c1cfd692988384cf290de198861b480b466c0ebf37429afc7fb73e7 357940 idle-python3.11_3.11.2-6+deb12u7_all.deb
 106e62d0db70646a403f04b2450b9c18c06b4c66fac0d79d235fd1cb5f4344b2 3373672 libpython3.11-testsuite_3.11.2-6+deb12u7_all.deb
 eafa42c54a08dcf3892d2e9f8e29644877c241d09186ca19a4d06129a339c9f3 12641356 python3.11-doc_3.11.2-6+deb12u7_all.deb
 924f4c132d5f24f61e17c3632c0cb132ab456647305fb8bd7e3c40c21a8c3200 798520 python3.11-examples_3.11.2-6+deb12u7_all.deb
 d736d3000d7f1a37322e1291327b07e15ef4de0ecbe7314b7314e90b13a039f6 12565 python3.11_3.11.2-6+deb12u7_all-buildd.buildinfo
Files:
 15d562b892cac3d6c69d9f6dac2b113d 357940 python optional idle-python3.11_3.11.2-6+deb12u7_all.deb
 edc39b633539eed83f89d205bcc69605 3373672 libdevel optional libpython3.11-testsuite_3.11.2-6+deb12u7_all.deb
 5a884cf9a949a55f31522fa71c8ada86 12641356 doc optional python3.11-doc_3.11.2-6+deb12u7_all.deb
 2c5ed503719ede54f3cbbb20c4950c2e 798520 python optional python3.11-examples_3.11.2-6+deb12u7_all.deb
 c24cbc2c06cc037d8d8d1eea2c069673 12565 python optional python3.11_3.11.2-6+deb12u7_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE5ZI1lXv5WjhHIVjsN8Ugyu9dQiQFAmn2oW8ACgkQN8Ugyu9d
QiSM0A//R/VphZVUVPxbpkiJD7qXvAaLiiGhpX6BZ3MrefFUwa1aNhqjkTv5S7gD
PX9Vu1VbvQHmcB5o6/xEr5nPhqke/2p4aFkDHxqdhJ4NBQmBG37nDQ194oRBUKXP
tvhrOT3FSuIMwOGYGtjY7rZkn6+MnGFQSF4yMViHpeR828Lkwg5PhhzYFG25SAvl
4xYpA1JlekDScHXAKD+gonpjcDDnkUiZR0S6t2/2jXon5WChpqXWGpq7MTm3Q25F
0DCVFF4R/E8LVC90lScZ5hlmB9rt/T5GEUyiSghgJNZohhjMXx9Wfb0/q++NUvCb
fSV/LT3E8/qXyV59WnDsjF96L0xj6iHt/XnpWmyHpM/3f38iAPae6GvI5Byh1J1W
2rYo3ok04QdSxX9oV8vwH/mNbMmy8NE8ERYKD+9s68olMqToxgB0B/oe7Cbm+WQS
Agtrlq6WajadC1ZNEDD5MUX9Ew1DkZ+UrzdgXr/JbuM6ts7aDTNE3EYnedPBCWbd
7US/gmy1uCTiLoSI4j3RuvgvnSaILsXRWFM8w91/DMgdg3Ez8iuk2tL2VdGX2Xjp
yqPnEL4DRk5JZToBW8su6IgsChcL0FLhUWmnx4wx6qwOAuIoo/zGts3uiTzg7dSJ
Lfui9m4749mH9oSBcNf9SvNJe5A6FyrRAwcjExDF0eTNwYvU61s=
=PSdr
-----END PGP SIGNATURE-----