projects / python3.9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: 57caa29 15aee32)
python3.9 (3.9.2-1+deb11u5) bullseye; urgency=medium
authorAndrej Shadura <andrewsh@debian.org>
Sun, 25 Jan 2026 13:37:52 +0000 (14:37 +0100)
committerAndrej Shadura <andrewsh@debian.org>
Sun, 25 Jan 2026 13:37:52 +0000 (14:37 +0100)
commit049b76028cd2743370565559acbe516f6b251bbe
treeb5114309fdb55a3a79b3865fbc8c12a4c2b13319tree | snapshot
parent57caa29e801e48d677467b187b6ed2be757c913dcommit | diff
parent15aee32919ccc7ca5a25b301f04c16c7161f4614commit | diff
python3.9 (3.9.2-1+deb11u5) bullseye; urgency=medium

  * Apply upstream patch to fix regression after CVE-2025-12084 fix
    (see #1122875 for more details)
  * Apply upstream patched for the following CVEs:
    - CVE-2025-11468: Folding email comments of unfoldable characters
      didn't preserve parenthesis which could be abused.
    - CVE-2025-15282: User-controlled data URLs parsed by urllib allowed
      injecting headers through newlines in the data URL mediatype.
    - CVE-2025-15366: User-controlled command could have additional commands
      injected using newlines.
    - CVE-2025-15367: User-controlled command could have additional commands
      injected using newlines.
    - CVE-2026-0672: User-controlled cookie values and parameters could be
      used to inject HTTP headers into messages.
    - CVE-2026-0865: User-controlled header names and values containing
      newlines could be used to inject HTTP headers.
    - CVE-2026-1299: email module allowed header injection in the
      BytesGenerator class.

[dgit import unpatched python3.9 3.9.2-1+deb11u5]
210 files changed:
debian/2to3-3.1 | | blob
debian/FAQ.html | | blob
debian/PVER-dbg.README.Debian.in | | blob
debian/PVER-dbg.overrides.in | | blob
debian/PVER-dbg.postinst.in | | blob
debian/PVER-dbg.prerm.in | | blob
debian/PVER-doc.doc-base.PVER-api.in | | blob
debian/PVER-doc.doc-base.PVER-dist.in | | blob
debian/PVER-doc.doc-base.PVER-ext.in | | blob
debian/PVER-doc.doc-base.PVER-inst.in | | blob
debian/PVER-doc.doc-base.PVER-lib.in | | blob
debian/PVER-doc.doc-base.PVER-new.in | | blob
debian/PVER-doc.doc-base.PVER-ref.in | | blob
debian/PVER-doc.doc-base.PVER-tut.in | | blob
debian/PVER-doc.info.in | | blob
debian/PVER-doc.overrides.in | | blob
debian/PVER-examples.overrides.in | | blob
debian/PVER-minimal.README.Debian.in | | blob
debian/PVER-minimal.overrides.in | | blob
debian/PVER-minimal.postinst.in | | blob
debian/PVER-minimal.postrm.in | | blob
debian/PVER-minimal.preinst.in | | blob
debian/PVER-minimal.prerm.in | | blob
debian/PVER-venv.overrides.in | | blob
debian/PVER-venv.postinst.in | | blob
debian/PVER-venv.postrm.in | | blob
debian/PVER-venv.prerm.in | | blob
debian/PVER.desktop.in | | blob
debian/PVER.overrides.in | | blob
debian/PVER.postinst.in | | blob
debian/PVER.prerm.in | | blob
debian/README.Debian.in | | blob
debian/README.PVER.in | | blob
debian/README.Tk | | blob
debian/README.dbm | | blob
debian/README.idle-PVER.in | | blob
debian/README.maintainers.in | | blob
debian/README.python | | blob
debian/README.source | | blob
debian/README.venv | | blob
debian/changelog | | blob
debian/changelog.shared | | blob
debian/compat | | blob
debian/control | | blob
debian/control.in | | blob
debian/control.stdlib | | blob
debian/control.udeb | | blob
debian/copyright | | blob
debian/depgraph.py | | blob
debian/dh_doclink | | blob
debian/idle-PVER.1.in | | blob
debian/idle-PVER.overrides.in | | blob
debian/idle-PVER.postinst.in | | blob
debian/idle-PVER.postrm.in | | blob
debian/idle-PVER.prerm.in | | blob
debian/idle.desktop.in | | blob
debian/libPVER-dbg.overrides.in | | blob
debian/libPVER-dbg.prerm.in | | blob
debian/libPVER-dbg.symbols.i386.in | | blob
debian/libPVER-dbg.symbols.in | | blob
debian/libPVER-dev.overrides.in | | blob
debian/libPVER-minimal.overrides.in | | blob
debian/libPVER-minimal.postinst.in | | blob
debian/libPVER-minimal.postrm.in | | blob
debian/libPVER-minimal.prerm.in | | blob
debian/libPVER-stdlib.overrides.in | | blob
debian/libPVER-stdlib.prerm.in | | blob
debian/libPVER-testsuite.overrides.in | | blob
debian/libPVER-testsuite.postinst.in | | blob
debian/libPVER-testsuite.prerm.in | | blob
debian/libPVER.overrides.in | | blob
debian/libPVER.symbols.i386.in | | blob
debian/libPVER.symbols.in | | blob
debian/libpython.symbols.in | | blob
debian/locale-gen | | blob
debian/mincheck.py | | blob
debian/mkbinfmt.py | | blob
debian/multiarch.h.in | | blob
debian/openssl.cnf | | blob
debian/patches/0001-3.9-gh-68966-Make-mailcap-refuse-to-match-unsafe-fil.patch | | blob
debian/patches/0002-3.9-gh-95778-CVE-2020-10735-Prevent-DoS-by-very-larg.patch | | blob
debian/patches/0003-bpo-42988-Remove-the-pydoc-getfile-feature-GH-25015.patch | | blob
debian/patches/0004-bpo-43075-Fix-ReDoS-in-urllib-AbstractBasicAuthHandl.patch | | blob
debian/patches/0005-bpo-44022-Fix-http-client-infinite-line-reading-DoS-.patch | | blob
debian/patches/0006-bpo-44022-Improve-the-regression-test.-GH-26503.patch | | blob
debian/patches/0007-bpo-43285-Make-ftplib-not-trust-the-PASV-response.-G.patch | | blob
debian/patches/0008-gh-87389-Fix-an-open-redirection-vulnerability-in-ht.patch | | blob
debian/patches/0009-bpo-36384-Leading-zeros-in-IPv4-addresses-are-no-lon.patch | | blob
debian/patches/0010-3.9-gh-97514-Don-t-use-Linux-abstract-sockets-for-mu.patch | | blob
debian/patches/0011-3.9-gh-98433-Fix-quadratic-time-idna-decoding.-GH-99.patch | | blob
debian/patches/0012-3.9-gh-91133-tempfile.TemporaryDirectory-fix-symlink.patch | | blob
debian/patches/0013-3.9-gh-102153-Start-stripping-C0-control-and-space-c.patch | | blob
debian/patches/0014-bpo-27513-email.utils.getaddresses-now-handles-Heade.patch | | blob
debian/patches/0015-3.9-CVE-2023-27043-gh-102988-Reject-malformed-addres.patch | | blob
debian/patches/0016-3.9-gh-108310-Fix-CVE-2023-40217-Check-for-avoid-the.patch | | blob
debian/patches/0017-3.9-gh-108342-Break-ref-cycle-in-SSLSocket._create-e.patch | | blob
debian/patches/0018-3.9-gh-108342-Make-ssl-TestPreHandshakeClose-more-re.patch | | blob
debian/patches/0019-3.9-gh-114572-Fix-locking-in-cert_store_stats-and-ge.patch | | blob
debian/patches/0020-3.9-gh-109858-Protect-zipfile-from-quoted-overlap-zi.patch | | blob
debian/patches/0021-3.9-gh-113171-gh-65056-Fix-private-non-global-IP-add.patch | | blob
debian/patches/0022-3.9-gh-121285-Remove-backtracking-when-parsing-tarfi.patch | | blob
debian/patches/0023-3.9-gh-121650-Encode-newlines-in-headers-and-verify-.patch | | blob
debian/patches/0024-3.9-gh-123067-Fix-quadratic-complexity-in-parsing-qu.patch | | blob
debian/patches/0025-3.9-gh-123270-Replaced-SanitizedNames-with-a-more-su.patch | | blob
debian/patches/0026-3.9-gh-124651-Quote-template-strings-in-venv-activat.patch | | blob
debian/patches/0027-3.11-gh-103848-Adds-checks-to-ensure-that-bracketed-.patch | | blob
debian/patches/0028-bpo-46811-Make-test-suite-support-Expat-2.4.5-GH-314.patch | | blob
debian/patches/0029-3.9-Fix-tests-for-XMLPullParser-with-Expat-2.6.0-GH-.patch | | blob
debian/patches/0030-bpo-45436-Fix-tkinter-tests-with-Tcl-Tk-8.6.11-GH-29.patch | | blob
debian/patches/CVE-2022-0391-1.patch | | blob
debian/patches/CVE-2022-0391-2.patch | | blob
debian/patches/CVE-2022-37454.patch | | blob
debian/patches/CVE-2025-0938.patch | | blob
debian/patches/CVE-2025-11468.patch | | blob
debian/patches/CVE-2025-12084-2.patch | | blob
debian/patches/CVE-2025-12084.patch | | blob
debian/patches/CVE-2025-13836.patch | | blob
debian/patches/CVE-2025-13837-2.patch | | blob
debian/patches/CVE-2025-13837.patch | | blob
debian/patches/CVE-2025-15282.patch | | blob
debian/patches/CVE-2025-15366.patch | | blob
debian/patches/CVE-2025-15367.patch | | blob
debian/patches/CVE-2025-1795-1.patch | | blob
debian/patches/CVE-2025-1795-2.patch | | blob
debian/patches/CVE-2025-4516-1.patch | | blob
debian/patches/CVE-2025-4516-2.patch | | blob
debian/patches/CVE-2025-4516-3.patch | | blob
debian/patches/CVE-2025-4516-4.patch | | blob
debian/patches/CVE-2025-4516-5.patch | | blob
debian/patches/CVE-2025-4516-6.patch | | blob
debian/patches/CVE-2025-6069.patch | | blob
debian/patches/CVE-2025-6075.patch | | blob
debian/patches/CVE-2025-8194.patch | | blob
debian/patches/CVE-2025-8291.patch | | blob
debian/patches/CVE-2026-0672.patch | | blob
debian/patches/CVE-2026-0865.patch | | blob
debian/patches/CVE-2026-1299.patch | | blob
debian/patches/argparse-no-shutil.diff | | blob
debian/patches/arm-alignment.diff | | blob
debian/patches/bdist-wininst-notfound.diff | | blob
debian/patches/build-math-object.diff | | blob
debian/patches/ctypes-arm.diff | | blob
debian/patches/deb-locations.diff | | blob
debian/patches/deb-setup.diff | | blob
debian/patches/disable-sem-check.diff | | blob
debian/patches/disable-some-tests.diff | | blob
debian/patches/distutils-install-layout.diff | | blob
debian/patches/distutils-link.diff | | blob
debian/patches/distutils-sysconfig-2.diff | | blob
debian/patches/distutils-sysconfig.diff | | blob
debian/patches/doc-build-texinfo.diff | | blob
debian/patches/ensurepip-disabled.diff | | blob
debian/patches/ensurepip-wheels.diff | | blob
debian/patches/ext-no-libpython-link.diff | | blob
debian/patches/gdbm-import.diff | | blob
debian/patches/git-updates.diff | | blob
debian/patches/hurd_kfreebsd_thread_native_id.diff | | blob
debian/patches/langpack-gettext.diff | | blob
debian/patches/lib-argparse.diff | | blob
debian/patches/lib2to3-no-pickled-grammar.diff | | blob
debian/patches/link-opt.diff | | blob
debian/patches/link-timemodule.diff | | blob
debian/patches/local-doc-references.diff | | blob
debian/patches/locale-module.diff | | blob
debian/patches/lto-link-flags.diff | | blob
debian/patches/mangle-fstack-protector.diff | | blob
debian/patches/mpdecimal-2.5.1.diff | | blob
debian/patches/multiarch-extname.diff | | blob
debian/patches/multiarch.diff | | blob
debian/patches/profiled-build.diff | | blob
debian/patches/pydoc-use-pager.diff | | blob
debian/patches/reproducible-buildinfo.diff | | blob
debian/patches/series | | blob
debian/patches/setup-modules.diff | | blob
debian/patches/sphinx3.diff | | blob
debian/patches/sysconfig-debian-schemes.diff | | blob
debian/patches/sysconfigdata-name.diff | | blob
debian/patches/tempfile-minimal.diff | | blob
debian/patches/test-no-random-order.diff | | blob
debian/patches/tkinter-import.diff | | blob
debian/pdb.1.in | | blob
debian/pydoc.1.in | | blob
debian/pygettext.1 | | blob
debian/pyhtml2devhelp.py | | blob
debian/pylogo.xpm | | blob
debian/pymindeps.py | | blob
debian/pysetup3.1 | | blob
debian/python3-config.1 | | blob
debian/rules | | blob
debian/salsa-ci.yml | | blob
debian/script.py | | blob
debian/sitecustomize.py.in | | blob
debian/source/format | | blob
debian/source/lintian-overrides | | blob
debian/testdir | | blob
debian/tests/control | | blob
debian/tests/failing-tests | | blob
debian/tests/failing-tests-dbg | | blob
debian/tests/module-install-local | | blob
debian/tests/module-install-user | | blob
debian/tests/module-install-venv | | blob
debian/tests/module-install-virtualenv | | blob
debian/tests/packages/fibc/fibc.c | | blob
debian/tests/packages/fibc/setup.py | | blob
debian/tests/packages/fibpy/fibpy.py | | blob
debian/tests/packages/fibpy/setup.py | | blob
debian/tests/test-common.sh | | blob
debian/tests/testsuite | | blob
debian/tests/testsuite-dbg | | blob
debian/watch | | blob
Unnamed repository; edit this file 'description' to name the repository.