[ubuntu/resolute-proposed] python-urllib3 2.6.3-1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Feb 10 13:06:53 UTC 2026
python-urllib3 (2.6.3-1) unstable; urgency=medium
* Team upload.
* New upstream release:
- CVE-2025-66471: Fixed a security issue where streaming API could
improperly handle highly compressed HTTP content ("decompression
bombs") leading to excessive resource consumption even when a small
amount of data was requested. Reading small chunks of compressed data
is safer and much more efficient now (closes: #1122029).
- Fixed HTTPResponse.read_chunked() to properly handle leftover data in
the decoder's buffer when reading compressed chunked responses
(closes: #1122743).
* Bump Build-Depends/Suggests on python3-brotli to >= 1.2.0 to improve the
fix for CVE-2025-66418.
Date: 2026-02-06 06:42:35.817647+00:00
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/python-urllib3/2.6.3-1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Resolute-changes
mailing list