-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 12 Jan 2026 22:38:24 +0100 Source: python-urllib3 Binary: python3-urllib3 Architecture: all Version: 2.3.0-3+deb13u1 Distribution: trixie-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Salvatore Bonaccorso Description: python3-urllib3 - HTTP library with thread-safe connection pooling for Python3 Closes: 1122030 1125062 Changes: python-urllib3 (2.3.0-3+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Unbounded number of links in the decompression chain (CVE-2025-66418) (Closes: #1122030) * Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API) (CVE-2026-21441) (Closes: #1125062) Checksums-Sha1: 8c359443b4a4239173aad092cc2167ab47a2cc1b 8304 python-urllib3_2.3.0-3+deb13u1_all-buildd.buildinfo 1d796306a76d457f625a750fed5b90c843c7d49c 115284 python3-urllib3_2.3.0-3+deb13u1_all.deb Checksums-Sha256: d7c06c26c8da7623d2594e9f6b604c8488308601e0ca5c04bd79be503027521c 8304 python-urllib3_2.3.0-3+deb13u1_all-buildd.buildinfo 3d49b401e88ca0ebd7d45793438fad370f5f03e25bc72f507ee4b98783e620cd 115284 python3-urllib3_2.3.0-3+deb13u1_all.deb Files: 9baeb782e15b31467ef2b8b8f85c14f2 8304 python optional python-urllib3_2.3.0-3+deb13u1_all-buildd.buildinfo bc96641e0060152a97e211be249bc4a4 115284 python optional python3-urllib3_2.3.0-3+deb13u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEaPzFtKPtF0JrKPV5iZlfn74WV6kFAmlmVtYACgkQiZlfn74W V6knaA/+IcmFYydUopHInZOEjKHFzWvoy+N0GQTb4XnESKwaIDHqC1WQ7I5yC/8d tzuQz4EQiml+E91J5eJMdzt3QAzF8IZSep0uQK6cibnF9u+0qpwYyvrOuGxrg1QH VAZXeIxIoDykk4k9tsKcAGQLhMFltzbmt+XK7zbP6OC2DrASvXU6w827L4WCf+zM twyn6D9g7nOyqzndgcSigDUflJlq19q44wHQK1AIwBjag0J8UVflKJ6C6IPKqXuF dTW/zBAaaHJwPyRSl7xcpQgg81/JStxWxpc/IGQF4L1/LPvdq5+etvwrKBXUEbZF 2D/6e8/DeV+2ZJcrMZxOG64vaT4qkWlE0HB09sRJ+RkZby609/7US1dx86hF58lU qXLhZy2UFlKQxUuIWFl+aZiQIDrtIdQh/uLyDmoN+Tq9dN+UDMTql+7OIBosR2FF Ga5eO0beFzuloaGlFMpnG/gULEy3F20hu0UtZVfvETkbdlkPuU9il7/Ho2JDAMzN zJGSj2S9s4GmQErAdnq63WpwLFBAkCgnD6q6s7IuIvWodIvnuqcy0R+rW5T6/zK6 vdjgy1qMaYh929HmPCu2x34YfFOaqZHlA2QhHxQAM80hLX3VkCV4AvIhzCfgfFQG 53HYW9a91Y3UqghA0UfbmaL3sjyRt3zyN/Pf5d2fxVsmR7I7SRE= =WwBi -----END PGP SIGNATURE-----