-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 12 Jan 2026 22:53:55 +0100
Source: python-urllib3
Binary: python3-urllib3
Architecture: all
Version: 1.26.12-1+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 python3-urllib3 - HTTP library with thread-safe connection pooling for Python3
Closes: 1108076 1122030 1125062
Changes:
 python-urllib3 (1.26.12-1+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Redirects are not disabled when retries are disabled on PoolManager
     instantiation (CVE-2025-50181) (Closes: #1108076)
   * Unbounded number of links in the decompression chain (CVE-2025-66418)
     (Closes: #1122030)
   * Decompression-bomb safeguards bypassed when following HTTP redirects
     (streaming API) (CVE-2026-21441) (Closes: #1125062)
Checksums-Sha1:
 1342aae4090afdfe90bb5986983f05aa707a74e3 7193 python-urllib3_1.26.12-1+deb12u2_all-buildd.buildinfo
 0bc2ef3543eeb22bff3e9168978d306cee9cf429 114108 python3-urllib3_1.26.12-1+deb12u2_all.deb
Checksums-Sha256:
 5d17ad25ee8d4af0f7ef7975c2b4fb4eca2002433e05edbf98ed51080db771e1 7193 python-urllib3_1.26.12-1+deb12u2_all-buildd.buildinfo
 1978ce9fe80c67a27f3676321f674d8e087f45057c9045189812a67e29dbe751 114108 python3-urllib3_1.26.12-1+deb12u2_all.deb
Files:
 388ed3140de0e2d25d7b361b0b37b514 7193 python optional python-urllib3_1.26.12-1+deb12u2_all-buildd.buildinfo
 d96032deb76fe062c748e291116bbd84 114108 python optional python3-urllib3_1.26.12-1+deb12u2_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEj4Fym5GgeZdPqKhrJm69HxMTN+oFAmlmVmgACgkQJm69HxMT
N+qJHg/8D/WJ1tVMshmOgM6AkQZ1Bqoebg6gYL4UmGYSWJUOdWQMChTDE2hd0cFp
2lkfRSbwhXXx4h29hl3D6VfJfryTLx7KZaiHFn5oBSAohjezXbfwG/ji3gaTHGlK
wcmv2wljNDFlftTO+haw3TyMufGsBz22R1VZnZ62/FuKhsOdNzWMnwDBn5fy3/7h
lS00uolyVCBb4dfJY1KZdUXXOqNc5lM8d+3Gx6mTH2Jl5rJDnNjHpZPBZb3Qqcdt
PVxxMZZI9u9yfnuNgJs35awhI8Tl8PbkJrsWqss7qtrSkOyqdPMAJbfmdgzAKsjS
djQxx68KPu35aBKekmiH6zZSisQ35E/PHhu0y9iazQJB9skDmIiKWK+2RsBOtzMk
MjSeMvakPERUDc/xDM2qgvtGtRHkV+e8zcWgYUgniOufcq9izK3nsbUX9lRqqliw
j9y0D2ZqtEfkb9sQxPD3/+3GofEkkXZ6h+nrLyOJt4agtUg2AI//1rbZ5t2to7fx
DfIUUq9EOoK4wg6Dv1xa/HgI58YMmKa3YphM4DFIzmDIsuRHajb28L5BAGGkpizv
P9Z0GlT+u/oHfOf1pOPBUNeU/pTEhgCvpSWmyxxgGB6JtikGVOjR4nlFuB/pidMN
ncxCW4KJ8/z7MFB8494K4d9PbteIaP9sjtr+KQg0ucO4izFpGRg=
=zbjF
-----END PGP SIGNATURE-----