-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 13 Jun 2026 10:18:01 -0400 Source: python3.13 Architecture: source Version: 3.13.5-2+deb13u3 Distribution: trixie Urgency: medium Maintainer: Matthias Klose Changed-By: Stefano Rivera Closes: 1108039 1138157 Changes: python3.13 (3.13.5-2+deb13u3) trixie; urgency=medium . [ Stefano Rivera ] * Patches: - Fix a crash in SNI callback when the SSL object is gone. - Fix reference leaks in ssl.SSLContext objects. (Closes: #1138157) - Avoid garbage collecting objects too early when sharing __dict__ (Closes: #1108039) - Update the patch for CVE-2026-6019 to use decodeURIComponent. . [ Moritz Mühlenhoff ] * CVE-2026-1502 * CVE-2026-3276 * CVE-2026-7774 * CVE-2026-8328 * CVE-2026-9669 Checksums-Sha1: 04defc6b604f4324962dffe506f1d8ffcd8c1e1d 3721 python3.13_3.13.5-2+deb13u3.dsc 11afa083b71c9f1b5e03a35ba0a7a7525f9255ca 295440 python3.13_3.13.5-2+deb13u3.debian.tar.xz a289325ba76f9b89be35137214e1dc59ff8198fe 9914 python3.13_3.13.5-2+deb13u3_source.buildinfo Checksums-Sha256: 2f6c3f83cd3de0355f4411807871a95f99a0aae9b397daba5dbdbf1bd5169cc8 3721 python3.13_3.13.5-2+deb13u3.dsc 8e9ed35b583e093f80fbcd53bf3de9245c8070cc5ea9b36e5f34d3a45bff73e9 295440 python3.13_3.13.5-2+deb13u3.debian.tar.xz dd4e76440279d5275e2661dad7e2657ce5b7c05f1164235a3361d16fda7f824e 9914 python3.13_3.13.5-2+deb13u3_source.buildinfo Files: 7a825a024e6be72b2d096daf406f0312 3721 python optional python3.13_3.13.5-2+deb13u3.dsc d83b9e9c7ba756c6a2b3a8369d7bbbd5 295440 python optional python3.13_3.13.5-2+deb13u3.debian.tar.xz 955bf77430750e4ce1c003b11239940f 9914 python optional python3.13_3.13.5-2+deb13u3_source.buildinfo -----BEGIN PGP SIGNATURE----- iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCai1myxQcc3RlZmFub3JA ZGViaWFuLm9yZwAKCRBHew2wJjpU2AAFAQC/F3JT85w/cv6uDk751KeuNCyReRNY QlgvM6qnf0RDWAEAtEsiiy6Qh1nU40oAxt3nouclvdjzC+Ex3530ULUFjAM= =nhAp -----END PGP SIGNATURE-----