-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 08 Apr 2026 08:58:00 +0700
Source: python3.11
Binary: libpython3.11 libpython3.11-dbg libpython3.11-dev libpython3.11-minimal libpython3.11-stdlib python3.11 python3.11-dbg python3.11-dev python3.11-full python3.11-minimal python3.11-nopie python3.11-venv
Architecture: amd64
Version: 3.11.2-6+deb12u7
Distribution: bookworm
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-csail-01) <buildd_amd64-x86-csail-01@buildd.debian.org>
Changed-By: Arnaud Rebillout <arnaudr@debian.org>
Description:
 libpython3.11 - Shared Python runtime library (version 3.11)
 libpython3.11-dbg - Debug Build of the Python Interpreter (version 3.11)
 libpython3.11-dev - Header files and a static library for Python (v3.11)
 libpython3.11-minimal - Minimal subset of the Python language (version 3.11)
 libpython3.11-stdlib - Interactive high-level object-oriented language (standard library
 python3.11 - Interactive high-level object-oriented language (version 3.11)
 python3.11-dbg - Debug Build of the Python Interpreter (version 3.11)
 python3.11-dev - Header files and a static library for Python (v3.11)
 python3.11-full - Python Interpreter with complete class library (version 3.11)
 python3.11-minimal - Minimal subset of the Python language (version 3.11)
 python3.11-nopie - Python interpreter linked without PIE (version 3.11)
 python3.11-venv - Interactive high-level object-oriented language (pyvenv binary, v
Changes:
 python3.11 (3.11.2-6+deb12u7) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Apply upstream patches for the following CVEs:
     - CVE-2025-4516: issue in bytes.decode("unicode_escape",
       error="ignore|replace")
     - CVE-2025-6069: quadratic complexity in html.parser.HTMLParser
     - CVE-2025-6075: performance degradation in os.path.expandvars()
     - CVE-2025-8194: infinite loop and deadlock in tarfile
     - CVE-2025-8291: incorrect ZIP64 End of Central Directory handling
     - CVE-2025-11468: Folding email comments of unfoldable characters
       didn't preserve parenthesis which could be abused.
     - CVE-2025-12084: quadratic complexity in xml.dom.minidom appendChild etc
     - CVE-2025-13836: OOM or other DoS due to incorrect Content-Length
       handling in http.client
     - CVE-2025-13837: OOM or other DoS due to incorrect data size handling
       in plistlib
     - CVE-2025-15282: User-controlled data URLs parsed by urllib allowed
       injecting headers through newlines in the data URL mediatype.
     - CVE-2026-0672: User-controlled cookie values and parameters could be
       used to inject HTTP headers into messages.
     - CVE-2026-0865: User-controlled header names and values containing
       newlines could be used to inject HTTP headers.
     - CVE-2026-1299: email module allowed header injection in the
       BytesGenerator class.
Checksums-Sha1:
 2eb659c98289508438a178a62607f2ca568bf6ba 16782548 libpython3.11-dbg_3.11.2-6+deb12u7_amd64.deb
 9b720bad1e79ec0115b154a132b359319bcde3bd 4742972 libpython3.11-dev_3.11.2-6+deb12u7_amd64.deb
 c53d0bab507e03af154791e44c240910ed8678b4 817548 libpython3.11-minimal_3.11.2-6+deb12u7_amd64.deb
 5ec870b88a09701fbf355cdb0991be9acfd867d1 1797364 libpython3.11-stdlib_3.11.2-6+deb12u7_amd64.deb
 6b34fb566b5df0866f1deb0396eae9f6d9da8130 1987924 libpython3.11_3.11.2-6+deb12u7_amd64.deb
 1f67f6204f08da207a38b3b6e8335b5059cc820a 36958856 python3.11-dbg_3.11.2-6+deb12u7_amd64.deb
 f84c851cbd30637652f0780ada6000cecd5aaa78 616624 python3.11-dev_3.11.2-6+deb12u7_amd64.deb
 9b1df869b15ec0154a79b87708782abed983a890 1292 python3.11-full_3.11.2-6+deb12u7_amd64.deb
 ea6bea2868d001987cdd9772baa831f2856aa81e 2065644 python3.11-minimal_3.11.2-6+deb12u7_amd64.deb
 dc0629072d6c762d07930186fdd9a5b14dfa1afd 2054212 python3.11-nopie_3.11.2-6+deb12u7_amd64.deb
 9d27c2ebb9ff43b99de032208b5b4e1d9f5fdf02 5892 python3.11-venv_3.11.2-6+deb12u7_amd64.deb
 72480bf8559f7e9b851ccbfa6bc1668b9a32de9c 13638 python3.11_3.11.2-6+deb12u7_amd64-buildd.buildinfo
 0f2b9f52c08a2754afd8fa7165c43b72f39d8875 573816 python3.11_3.11.2-6+deb12u7_amd64.deb
Checksums-Sha256:
 a70fa2a4bf43364aaf0726ee69e3adf18599a84c0c6eb3561ea3ade0460b1a67 16782548 libpython3.11-dbg_3.11.2-6+deb12u7_amd64.deb
 c00be590024a42dfb1309da75cc51274931147a563a8845061529f1cff617f9e 4742972 libpython3.11-dev_3.11.2-6+deb12u7_amd64.deb
 099a8e81d82653de6162273bdd79bde668d1dd40594309e71e682a80f175a364 817548 libpython3.11-minimal_3.11.2-6+deb12u7_amd64.deb
 0ac258df74db760dc2ed408491c57880872b8a699625f6a136d15f1fb5b9f7a5 1797364 libpython3.11-stdlib_3.11.2-6+deb12u7_amd64.deb
 a5375d30b804a39c566490805b7e2e115a654496318eeb4f8a6b2e5bc085fce3 1987924 libpython3.11_3.11.2-6+deb12u7_amd64.deb
 ffaf9647f559a75ce463459356bd68783aae644cc055fd655dea860d621ec4d7 36958856 python3.11-dbg_3.11.2-6+deb12u7_amd64.deb
 071614cd1519f0ca145f1a5a029a43209b7d76d72c6c30f788c9abc602c32a07 616624 python3.11-dev_3.11.2-6+deb12u7_amd64.deb
 3a732870bc0e47d1b1240eebafe618cc00ca051243f604af2785ef47c2422bd1 1292 python3.11-full_3.11.2-6+deb12u7_amd64.deb
 86c922ce552dadd6d0dc55b3f440aca61a9667e632f91827173f7574a6bfdc01 2065644 python3.11-minimal_3.11.2-6+deb12u7_amd64.deb
 2feb72351757ef0605018660b7efd01eb7d2d1a1d0830cac15326f480c65d701 2054212 python3.11-nopie_3.11.2-6+deb12u7_amd64.deb
 a9d16abc1f60c691d0376acd7f100c82cf0206669b6ff4c2c286c199ab088b21 5892 python3.11-venv_3.11.2-6+deb12u7_amd64.deb
 be2cdded9ab2c8e21a287be9ffc6a1c9e5d228bf7f512e9433211eb47d75ef60 13638 python3.11_3.11.2-6+deb12u7_amd64-buildd.buildinfo
 9ce9c86ec6c7f11326c3da491d9199d9ed59ef8bee6db30ed0236bcffedcda94 573816 python3.11_3.11.2-6+deb12u7_amd64.deb
Files:
 b0ad5529799b58ef63df9f9ebbd821ff 16782548 debug optional libpython3.11-dbg_3.11.2-6+deb12u7_amd64.deb
 f1b7bc2e34c071cd43d443c6651517a0 4742972 libdevel optional libpython3.11-dev_3.11.2-6+deb12u7_amd64.deb
 aea810346eb6689c9cab60e5ed08e732 817548 python optional libpython3.11-minimal_3.11.2-6+deb12u7_amd64.deb
 825e6504b9b2ef4091df79f9b48958d5 1797364 python optional libpython3.11-stdlib_3.11.2-6+deb12u7_amd64.deb
 1e2f4810b735e656b22054aa7c32366c 1987924 libs optional libpython3.11_3.11.2-6+deb12u7_amd64.deb
 f15a5daa173784412b137c2bf7486a00 36958856 debug optional python3.11-dbg_3.11.2-6+deb12u7_amd64.deb
 79b5c15aafd7c8a1d243754a790986d9 616624 python optional python3.11-dev_3.11.2-6+deb12u7_amd64.deb
 af4e61e4fc94ae9110ac1c52355a8600 1292 python optional python3.11-full_3.11.2-6+deb12u7_amd64.deb
 a95d0a6df1063522e68d2f70c9522cc9 2065644 python optional python3.11-minimal_3.11.2-6+deb12u7_amd64.deb
 8e6a02ba97eb1eb90b2e537f521bdb14 2054212 python optional python3.11-nopie_3.11.2-6+deb12u7_amd64.deb
 92d4b07f8d51b600a80869600eb49caa 5892 python optional python3.11-venv_3.11.2-6+deb12u7_amd64.deb
 473565f7186c56856793f8795dcad7ea 13638 python optional python3.11_3.11.2-6+deb12u7_amd64-buildd.buildinfo
 bc41c873dcc68f4dc83836c819d1f751 573816 python optional python3.11_3.11.2-6+deb12u7_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBDWXQb2umOtH4DRpYg9P9sm2dfEFAmn2rJkACgkQYg9P9sm2
dfHh8BAAmzqgO0xlS7EJTL1eFAwNcfoPK4BNbtUWqOMZpvTr7Huw24VgPdQVjLBY
5soUOOgHHtemUu5rCnxk1h0ykOWq/P5LGK6iEUiMVH4gU3zu6M7oL6m0GpF3eBsv
03i8t5UUJ0xaQQdSu6+gbg0KLLqyK22qtQVsQgAvVDt2UJfw5kpKCgArLVyGHbES
ITRJROJhK42jWVHIBcC1OaJ/nZDrFl3GuEQ8ejYmRrdi3kaihsiPOQYSz+ALbsnJ
OCbb2IjT3rXbRB/bqMGHhLCK0Lxaf//WxkIRkpkaKQgQCGIG0nRYz9gsvDE+K/LN
4KcmOyHS5j5aP+ZHb7c9JzUH5aNJLitP11auasLUNiwVZKmaEWa8gTuIvC4X/Igy
5rAa9OwUriTYIDN2TMQFdzCdjP3MuD+RoI3UJkE3dy2zDrrzVfntA1XrYeR7yhJd
BITIsRu4XqLsAmQ4vN7Y4gMxx+sgUQ1u289DabUMdDUF3ayA4PkAteNC4shlC13L
QOaw5TLrPXZgAszu9AQ7qECyb7avrJZg6ei8aHNz+TQvkp5Z/eB5wnDQDYyxDkcC
lf13bQSuD5nfaoDXn+XusdKCRQfn/khVye0HLX1+BSL9hhiM+a1KkSnDFMWi2riK
kSOZqZk6JkwmWyD4fKiH2WKPRNiRnrnet+2DmQG38vrorKVqayE=
=biwW
-----END PGP SIGNATURE-----