We believe that the bug you reported is fixed in the latest version of
requests, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1132071@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Carsten Schoenert <c.schoenert@t-online.de> (supplier of updated requests package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Tue, 30 Jun 2026 11:01:43 +0200
Source: requests
Architecture: source
Version: 2.34.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Carsten Schoenert <c.schoenert@t-online.de>
Closes: 1132071 1138296
Changes:
requests (2.34.2-1) unstable; urgency=medium
.
* Team upload.
* d/copyright: Update (upstream) data, remove excluded files
Remove field Files-Excluded completely, no need for a resulting 'dfsg'
suffix anymore.
* d/watch: Move over to Version 5 syntax
* d/gbp.conf: Add some more default values
* New upstream version 2.34.2
Fixed CVE issue(s) in upstream version 2.33
CVE-2026-25645: Insecure Temp File Reuse in extract_zipped_paths()
(Closes: #1132071, #1138296)
* Rebuild patch queue from patch queue-branch
Renamed and reworked patch:
0001-Remove-remote-images-traking-code-and-ads.patch -->
0001-docs-Remove-linking-to-remote-images-and-GH-button.patch
* d/control: Use GH project page for Homepage field
Checksums-Sha1:
496122a809b2dd0d8fc6c6333b98e006e4fdf956 2525 requests_2.34.2-1.dsc
e8e62cc8cfb1c29854fb9241e59952a6d59fe6a5 3332142 requests_2.34.2.orig.tar.gz
213d268adce2b69a33f16ceeb80cd6978ad327c7 13164 requests_2.34.2-1.debian.tar.xz
69f2c817ff6f4c6b0799f842ee33609ce9156b98 9112 requests_2.34.2-1_amd64.buildinfo
Checksums-Sha256:
b35ff1644733098abbf681b3ccdd9dae5d909b6433da8ee981592ecfe20b2fef 2525 requests_2.34.2-1.dsc
c22eb789a16da02635fc744a10c64d58a47cd5d9ac376b127f9292f69be35b23 3332142 requests_2.34.2.orig.tar.gz
2c29be8de8a733168fb0c8a03a00fdb20958d9ad6e239bb75e52091b72df349f 13164 requests_2.34.2-1.debian.tar.xz
7163cc338d29784a06cfb4620ba1ea809d37218c5fb5e151edcb39e9b03e9add 9112 requests_2.34.2-1_amd64.buildinfo
Files:
b765a790018e838fcd3b1d9f590aa754 2525 python optional requests_2.34.2-1.dsc
65e3eb084bd1a134459f5fa8dd5dfc85 3332142 python optional requests_2.34.2.orig.tar.gz
b5cc9633192eb6e82951d1c9be8f2548 13164 python optional requests_2.34.2-1.debian.tar.xz
105ef11978ef713b0f01354e4d3b1b21 9112 python optional requests_2.34.2-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJMBAEBCgA2FiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmpDiDQYHGMuc2Nob2Vu
ZXJ0QHQtb25saW5lLmRlAAoJEIMBYBQlHR2wwB8QAIb1BcsMX/w77r0ie9OaXcLq
3q85LjIj0UNcHTl7R2XlqAXP3jEsz+7RgaZk2nk+eFtAOGleGduXlO2WIpP1ZI0W
B1wWz02KQGGYhujdTBL3tjXlMzJ7OP7RIBO+eIV7yNAg3an3XelRdOzHtamwT7ty
QzeAUxC6ykehps3W3W+Q+kVyzRsg6g5/zUcgiZsCB3QFmu/Z14U0xWBTF+FW+A2L
bqbwajA/Stxr/ir8pE+bdong2qk0MkwiGJME2SHuGgD7CLqIcOUctFIjKjN1ngph
guwuhREA0vPy/XAC+WhBLDfWqITrDhiR6gBgIIGwpRRenHNvmC4/vuHptvLeOoGa
CLtPNJEcmVQSAnjXKH6jMpToNemY/7Mo3g6keKc+MHhXlAKZ6J+nM+oh4TKvwCbs
/EmC0P9683uskTGN6Cwaf4ZMzyW610t4WF4Tg9DJ9G9ZI8OLIQDFDuUfJMvO2l19
RHDiMCOr2XnHvddRKdI5y6TKrtIVK3Aywm1MyMA2YYUFId9Nn04R2hI2lU3E+ohZ
hNGxM/ufWoxfNxujMngdX0RWp2vQoPiummVtbfZWB9yI6qtpZl8r+0iKV/K4b6y6
nz7WV9JT8OxlAugDfxeTHT7rA+3BUHFmYNVysafHoTskvMec/qXAlXoxuFvVhzK7
x+2jE9fv/qmMSDjCH6qB
=fcfb
-----END PGP SIGNATURE-----