------------------------------------------------------------------------- Debian LTS Advisory DLA-4446-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 23, 2026 https://wiki.debian.org/LTS -------------------------------------------------------------------------
Package : python-urllib3 Version : 1.26.5-1~exp1+deb11u3 CVE ID : CVE-2026-21441 Debian Bug : 1125062 It was discovered that python-urllib3, an HTTP library with thread-safe connection pooling for Python, was vulnerable to decompression bomb when following HTTP redirects via the streaming API, which could lead to Denial of Service. For Debian 11 bullseye, this problem has been fixed in version 1.26.5-1~exp1+deb11u3. We recommend that you upgrade your python-urllib3 packages. For the detailed security status of python-urllib3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-urllib3 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
signature.asc
Description: PGP signature
