CLSA-2026-1779096552 Fix CVE(s): CVE-2025-13836, CVE-2026-4519
SECURITY UPDATE: memory denial of service via attacker-controlled Content-Length in http.client - debian/patches/CVE-2025-13836.patch: rewrite Lib/http/client.py saferead to read large responses in geometrically-growing chunks bounded by MINREADBUFSIZE 1 MiB, preventing OOM when a malicious serve...