[Git][security-tracker-team/security-tracker][master] Reserve DSA number for python-urllib3 update

Sat Jan 17 11:16:41 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4563d46a by Salvatore Bonaccorso at 2026-01-17T12:15:56+01:00
Reserve DSA number for python-urllib3 update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -74613,7 +74613,7 @@ CVE-2025-50182 (urllib3 is a user-friendly HTTP client library for Python. Start
 CVE-2025-50181 (urllib3 is a user-friendly HTTP client library for Python. Prior to 2. ...)
 	{DLA-4421-1}
 	- python-urllib3 2.3.0-3 (bug #1108076)
-	[bookworm] - python-urllib3 <no-dsa> (Minor issue)
+	[bookworm] - python-urllib3 1.26.12-1+deb12u2
 	NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v
 	NOTE: https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 (2.5.0)
 CVE-2025-4965 (The WPBakery Page Builder for WordPress plugin for WordPress is vulner ...)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[17 Jan 2026] DSA-6102-1 python-urllib3 - security update
+	{CVE-2025-66418 CVE-2026-21441}
+	[bookworm] - python-urllib3 1.26.12-1+deb12u2
+	[trixie] - python-urllib3 2.3.0-3+deb13u1
 [15 Jan 2026] DSA-6101-1 firefox-esr - security update
 	{CVE-2025-14327 CVE-2026-0877 CVE-2026-0878 CVE-2026-0879 CVE-2026-0880 CVE-2026-0882 CVE-2026-0883 CVE-2026-0884 CVE-2026-0885 CVE-2026-0886 CVE-2026-0887 CVE-2026-0890 CVE-2026-0891}
 	[bookworm] - firefox-esr 140.7.0esr-1~deb12u1


=====================================
data/dsa-needed.txt
=====================================
@@ -59,8 +59,6 @@ python-django
 --
 python-keystonemiddleware/stable (jmm)
 --
-python-urllib3 (carnil)
---
 python-tornado
 --
 rtpengine



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4563d46a7d736a5c3200a6efc16b8c732f145559

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4563d46a7d736a5c3200a6efc16b8c732f145559
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260117/0767792e/attachment-0001.htm>
