-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 May 2026 12:17:27 +0700
Source: python3.11
Architecture: source
Version: 3.11.2-6+deb12u8
Distribution: bookworm
Urgency: medium
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Arnaud Rebillout <arnaudr@debian.org>
Changes:
 python3.11 (3.11.2-6+deb12u8) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Apply upstream patches for the following CVEs:
     - CVE-2025-13462: Incorrect parsing of TarInfo header when GNU long name
       and type AREGTYPE are combined
     - CVE-2026-2297: SourcelessFileLoader does not use io.open_code()
     - CVE-2026-3644: Reject control characters in more places in
       http.cookies.Morsel (follow-up of patch for CVE-2026-0672)
     - CVE-2026-4224: pyexpat.c: Unbounded C recursion in conv_content_model
       causes crash
     - CVE-2026-4519: Reject leading dashes in webbrowser.open()
     - CVE-2026-6100: Possible UAF in {LZMA,BZ2}Decompressor
   * Add patch to skip some failing XML tests. Failure is due to the fact that
     we build / tests against expat/2.5.0-1+deb12u2, which was patched for
     CVE-2023-52425, and that broke some tests. See the patch itself for more
     details.
Checksums-Sha1:
 9cdd90672e2ca5c77cadda6f6a767f7d5cacd302 3805 python3.11_3.11.2-6+deb12u8.dsc
 54d04be4309e6fb445477dd0ae2ac548cee473e7 26437858 python3.11_3.11.2.orig.tar.gz
 d08f7d92da0cce45e2ddc5e2fe4c579c5f1473cf 279556 python3.11_3.11.2-6+deb12u8.debian.tar.xz
 79d65f9d65870167dfa0e7f13968c85ee2bf091d 6460 python3.11_3.11.2-6+deb12u8_source.buildinfo
Checksums-Sha256:
 197fa19ab45f41c820f40f6d9ead671c2ea29ddc53ba9424b36f1bf58458a10e 3805 python3.11_3.11.2-6+deb12u8.dsc
 2411c74bda5bbcfcddaf4531f66d1adc73f247f529aee981b029513aefdbf849 26437858 python3.11_3.11.2.orig.tar.gz
 ece2d63c70ac0b7a401fbe6b51b0103be997c294a01a3865549be1862794ba97 279556 python3.11_3.11.2-6+deb12u8.debian.tar.xz
 a72a2082c12e1445a5ad76ad6f51ebfe7a6bcbc1db304893ce4b0b1e9a82b591 6460 python3.11_3.11.2-6+deb12u8_source.buildinfo
Files:
 2595d8a6c6f526b0ed4b9446dc7ca98a 3805 python optional python3.11_3.11.2-6+deb12u8.dsc
 f6b5226ccba5ae1ca9376aaba0b0f673 26437858 python optional python3.11_3.11.2.orig.tar.gz
 36d0852316a8a5187d2b8e719b39b9f7 279556 python optional python3.11_3.11.2-6+deb12u8.debian.tar.xz
 0829e3aa6ce98730ffd7ffb8e492f898 6460 python optional python3.11_3.11.2-6+deb12u8_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEE0Kl7ndbut+9n4bYs5yXoeRRgAhYFAmoD99ITHGFybmF1ZHJA
ZGViaWFuLm9yZwAKCRDnJeh5FGACFmnRD/9yI/jPyTLTnkzrNvPT0dwZFLZzgRIP
P2zDTe0ht7pAGXEvfCoWZfWN3xGskrX7yhLuXuZ80wprGJj3TYZxckQnV+W/HWRQ
45cZRuguc9vaD2biUw6FCtlB8UUYZiJxkuGrkPtOORdqGUD9UGYte3H5nsw5Tv4H
8OeDCu2d96c3JuMiah7rdfdZN1kKIjzgNyqtJyiVQwLTTn/sERvlrTQ4QIXKZ1U9
pGl8dv1UzmM/4nKYwewAuIzx8YoScGexcS8kiWT+k01HmMtbtNW8KvcHVNFgUVkL
yNIAT8F/b3UFs5K2Z7wRmIi7ZGfJnYm5ENvTqpolNq5pLPx4kvZU2NJ5KmgurK+j
To0gytaClUX8I/sNP4nRjo9kD0rzRyzcEF1TeeCXpEgQFJ3IQzZiZeZlsinwFun2
wr/bOm5nk0IutvSi0tF3WYAZCRP0mHMwKn+CgBAWpli4PfNxKBdZfLk21BWEnggN
vQFNTEEQYDdgm1FPwFJpXdjjKAAPDxOL4hwbu+7X3EOKab53l7LfXYFgSOoB6Zd0
pGq7pdnPRO8XZxLcWO8GjR729TZ31ulzIMYlynEE6z4IWYOh2Et78WlnPGAtq8rS
z0MQCYWpsiwHM9WbBKOszG393H7gFQjEbdp5mbshO7CyjpgNsBK+0QXdgnwSHHx6
R/rE+u+N/RwzlA==
=P/NG
-----END PGP SIGNATURE-----