#1140299 trixie-pu: package python-ecdsa/0.19.1-1+deb13u1

#1140299#5
Date:
2026-06-17 20:27:30 UTC
From:
To:
[ Reason ]
Fix CVE-2026-33936 by backporting the upstream fix.
Additionally, import an upstream test fix required for the
package test suite to pass with Python 3.13.

[ Impact ]
Malformed DER-encoded private keys can trigger unexpected exceptions,
leading to a denial of service.

[ Tests ]
The package was built successfully and the test suite passes
with the included fixes.

[ Risks ]
Low. The update consists of upstream patches:
- the security fix for CVE-2026-33936;
- a test-only adjustment to keep the test suite compatible with newer
  Python versions.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
- CVE-2026-33936: Import upstream patch.
- Fix-tests-with-new-Python: Import upstream patch
  to fix test failures with Python 3.13.

[ Other info ]
The upload will be sponsored by @josue.

#1140299#12
Date:
2026-06-18 08:36:01 UTC
From:
To:
FTR, this test was broken by the CVE-2026-3446 fix in 3.13.5-2+deb13u2
that was included in the 13.5 point release.

cu
Adrian

#1140299#17
Date:
2026-06-30 05:47:23 UTC
From:
To:
Control: tags -1 + confirmed

Please go ahead.

Regards,

Adam