Debian alert DSA-6102-2 (python-urllib3)
| From: | Salvatore Bonaccorso <carnil@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 6102-2] python-urllib3 regression update | |
| Date: | Thu, 22 Jan 2026 22:26:28 +0000 | |
| Message-ID: | <E1vj38G-002HJO-2T@seger.debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6102-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 22, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : python-urllib3 CVE ID : CVE-2026-21441 Debian Bug : 1126002 The update for python-urllib3 announced in DSA 6102-1 introduced a regression in the patch meant to address CVE-2026-21441 for the oldstable distribution (bookworm). Updated packages are now available to correct this issue. For the oldstable distribution (bookworm), this problem has been fixed in version 1.26.12-1+deb12u3. We recommend that you upgrade your python-urllib3 packages. For the detailed security status of python-urllib3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-urllib3 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmlyo9pfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Q9lw/+IpzmIbarxJ1CloEA90mnop203iHYI1vN2tYwBz60PZAdzQcSzWHu24lN OyDALRJdaDzLyfioBGq/7wXZcWE+YPnebth4vuiy1roeK69cZiECIG5AH4P4bWpY TLhBsN/m69n7EETc7vJa/O0puVd5kWhtyh4madk9GYQ+3rjjGfWU6szN624xFh53 RV6nt/NNcoY78p+jPNM7ve5rRsSby5jEL+hSdqTBhdGA9tK8AWcxyUdUHi3t0rBw 3c3riNgrrUtW7vhESIwpKogwc/jFw0oESlsXolVjRD6JiRedZHRhM89PzKcolm6k 1KM8YIScdLjiSPFaD7XBHvJrzMm8eqm/ImLgX2G2wJxAC9CecjZod3ib7/aoA9gs DCpDjLl8zYLOmC2hxntSydbv30BjU/kRw/c5OfUERXGFeLWXqdYkt1KwAqa3iMns IIDyVrti4cysFSWTXR+RbFrZlYq6RiWH/CmguBf2jNADHjqfh4APbKEi/C2EC9My 7y1oev3+/4cqFgxnUhXToXC4zFVdkPLGi9Fypd/Q+wTYvkANeD7OgAxjOhP/qUb7 p6cHO5FxW5Z5i1Jq70ntl2livVW61+EmuIobPH/tJt1hFpmjpEUVkYLiKCpSKGFQ cjWrWOc9sTZ8pi0nVAEiI/ViZQONWqfE8vdZHM2v2kDBdVo3JX0= =Gf8p -----END PGP SIGNATURE-----