[ Reason ]
Fix CVE-2026-33936 by backporting the upstream fix.
Additionally, import an upstream test fix required for the
package test suite to pass with Python 3.13.
[ Impact ]
Malformed DER-encoded private keys can trigger unexpected exceptions,
leading to a denial of service.
[ Tests ]
The package was built successfully and the test suite passes
with the included fixes.
[ Risks ]
Low. The update consists of upstream patches:
- the security fix for CVE-2026-33936;
- a test-only adjustment to keep the test suite compatible with newer
Python versions.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
- CVE-2026-33936: Import upstream patch.
- Fix-tests-with-new-Python: Import upstream patch
to fix test failures with Python 3.13.
[ Other info ]
The upload will be sponsored by @josue.