Accepted python3.9 3.9.2-1+deb11u3 (source) into oldstable-security

To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
Subject: Accepted python3.9 3.9.2-1+deb11u3 (source) into oldstable-security
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Thu, 20 Mar 2025 02:30:20 +0000
Message-id: <[🔎] E1tv5fo-0076qe-1D@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 20 Mar 2025 10:07:39 +0800
Source: python3.9
Architecture: source
Version: 3.9.2-1+deb11u3
Distribution: bullseye-security
Urgency: high
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Sean Whitton <spwhitton@spwhitton.name>
Changes:
 python3.9 (3.9.2-1+deb11u3) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
 .
   [ Bastien Roucariès ]
   * Fix CVE-2025-0938:
     The Python standard library functions `urllib.parse.urlsplit` and
     `urlparse` accepted domain names that included square brackets
     which isn't valid according to RFC 3986.
     Square brackets are only meant to be used as delimiters for specifying
     IPv6 and IPvFuture hosts in URLs. This could result in differential
     parsing across the Python URL parser and other specification-compliant
     URL parsers.
 .
   [ Sean Whitton ]
   - Fix CVE-2022-0391: Missing input sanitisation when parsing URLs, which
     could lead to injection accounts.
   - Fix CVE-2025-1795: The implementation of e-mail header parsing and
     folding would encode the comma used to separate list items which could
     cause receiving applications to interpret two items in the list as
     though they were one item.
Checksums-Sha1:
 4490755ec5c8b464fec1ff2975d1462824720918 3670 python3.9_3.9.2-1+deb11u3.dsc
 43683c5c778c11ee48097b3ddc13319b5cbc5d48 269772 python3.9_3.9.2-1+deb11u3.debian.tar.xz
 dcc6969fc7c5c1379a9bc2a166ecdb65eed4f5a7 8420 python3.9_3.9.2-1+deb11u3_source.buildinfo
Checksums-Sha256:
 03d03424e4e53ee42f25e085201e51170760c323505c792fe546e12cd49c20c1 3670 python3.9_3.9.2-1+deb11u3.dsc
 ff18438c4fd80234c9e66ea363865e908d2a4bd706ede50bb4fe828954cdeee7 269772 python3.9_3.9.2-1+deb11u3.debian.tar.xz
 499f1f6b7bbdbb10a899b0753f8062f1e7c0f57a02539dd5b4415fc8bd5836ce 8420 python3.9_3.9.2-1+deb11u3_source.buildinfo
Files:
 891c041a18e2f078ebb06f6bf0bbfdb8 3670 python optional python3.9_3.9.2-1+deb11u3.dsc
 0fcfd201aedda31a772c8f5aab342052 269772 python optional python3.9_3.9.2-1+deb11u3.debian.tar.xz
 3cd052581c02df9fb1dbf0644c483544 8420 python optional python3.9_3.9.2-1+deb11u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmfbePwZHHNwd2hpdHRv
bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQFPOD/472YQjQJjcZ7mseqwCXieF
uSVCsOhp94+OBTfyAM+r3ueKY0Wc7PGW/ulFr0m/Ms75VyC6co9eIncGeMQmeR93
ffmTnZ/IVe6SNZuJXhSnjIhlvL/bQs0UXjnqk83DnNbtZTp6+Y2G6CGhI9tBVk4n
JVhZVdENMkreCBGS0oIl4G38ypZkrjPxjy5c+pw5UmY/WwmQROskg2UhAINkAdFb
JP/PCjWKQL7bzRuEqEjPUbCb3QKSJQmUU+Ij2dmQzH5fqJ09+0bXZScpFullj16V
nzks6ws8SVTqI74ZD0muo/9xZIlaasFIViM6aKSI+IWJfaW5uBXbzip1uL1touPq
Zja5ag3ECf9mELyey0QUvhfhC22FFLJ1KZsa4oL9eUMI0KMrfLhnuFElbipfPKF6
aNszJF/b3IOqyYvhTdkrryfT1TcOxtO61udVpjmflTKENw3ABL+SH1uFVZ6/UJ6z
qknHLRGvfMK5sNoSjIRFId1lCjVlUOiUqOjrHfa5HULroNZKlFABBvnyen4EYFWO
wOfKov3q2+rXLxEPT7glgEWrrbvzhOxzHHtCvkdusSoZCjKJCQuOM+mrmV4bHvXM
ayvijYpjZFS+QCDcs5GbAuyY3cMdgNtqgAmrFia/JmwKgfun0b42HbGS85V9GcO2
5zPEMwfD2Id7ZBTrVj+OuQ==
=MSll
-----END PGP SIGNATURE-----

Attachment: pgpFUeWd4MROs.pgp
Description: PGP signature

Reply to:

Prev by Date: Accepted python-django 2:2.2.28-1~deb11u6 (source) into oldstable-security
Next by Date: Accepted php7.4 7.4.33-1+deb11u8 (source) into oldstable-security
Previous by thread: Accepted python-django 2:2.2.28-1~deb11u6 (source) into oldstable-security
Next by thread: Accepted php7.4 7.4.33-1+deb11u8 (source) into oldstable-security
Index(es):
- Date
- Thread