diff -pruN 25.1.1+dfsg-1/debian/changelog 25.1.1+dfsg-1ubuntu1/debian/changelog
--- 25.1.1+dfsg-1/debian/changelog	2025-05-02 16:51:29.000000000 +0000
+++ 25.1.1+dfsg-1ubuntu1/debian/changelog	2025-06-26 13:18:46.000000000 +0000
@@ -1,3 +1,14 @@
+python-pip (25.1.1+dfsg-1ubuntu1) questing; urgency=medium
+
+  * SECURITY UPDATE: Information disclosure through improperly disabled
+    redirects.
+    - debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries
+      to Retry.from_int(retries, redirect=False) as well as set
+      raise_on_redirect in ./src/pip/_vendor/urllib3/poolmanager.py.
+    - CVE-2025-50181
+
+ -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Thu, 26 Jun 2025 10:48:46 -0230
+
 python-pip (25.1.1+dfsg-1) unstable; urgency=medium
 
   * New upstream point release.
diff -pruN 25.1.1+dfsg-1/debian/control 25.1.1+dfsg-1ubuntu1/debian/control
--- 25.1.1+dfsg-1/debian/control	2025-05-02 16:51:29.000000000 +0000
+++ 25.1.1+dfsg-1ubuntu1/debian/control	2025-06-26 13:18:46.000000000 +0000
@@ -1,7 +1,8 @@
 Source: python-pip
 Section: python
 Priority: optional
-Maintainer: Debian Python Team <team+python@tracker.debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Debian Python Team <team+python@tracker.debian.org>
 Uploaders: Carl Chenet <chaica@debian.org>,
            Stefano Rivera <stefanor@debian.org>,
 Homepage: https://pip.pypa.io/en/stable/
diff -pruN 25.1.1+dfsg-1/debian/patches/CVE-2025-50181.patch 25.1.1+dfsg-1ubuntu1/debian/patches/CVE-2025-50181.patch
--- 25.1.1+dfsg-1/debian/patches/CVE-2025-50181.patch	1970-01-01 00:00:00.000000000 +0000
+++ 25.1.1+dfsg-1ubuntu1/debian/patches/CVE-2025-50181.patch	2025-06-26 13:18:46.000000000 +0000
@@ -0,0 +1,91 @@
+Backport of:
+
+From f05b1329126d5be6de501f9d1e3e36738bc08857 Mon Sep 17 00:00:00 2001
+From: Illia Volochii <illia.volochii@gmail.com>
+Date: Wed, 18 Jun 2025 16:25:01 +0300
+Subject: [PATCH] Merge commit from fork
+
+* Apply Quentin's suggestion
+
+Co-authored-by: Quentin Pradet <quentin.pradet@gmail.com>
+
+* Add tests for disabled redirects in the pool manager
+
+* Add a possible fix for the issue with not raised `MaxRetryError`
+
+* Make urllib3 handle redirects instead of JS when JSPI is used
+
+* Fix info in the new comment
+
+* State that redirects with XHR are not controlled by urllib3
+
+* Remove excessive params from new test requests
+
+* Add tests reaching max non-0 redirects
+
+* Test redirects with Emscripten
+
+* Fix `test_merge_pool_kwargs`
+
+* Add a changelog entry
+
+* Parametrize tests
+
+* Drop a fix for Emscripten
+
+* Apply Seth's suggestion to docs
+
+Co-authored-by: Seth Michael Larson <sethmichaellarson@gmail.com>
+
+* Use a minor release instead of the patch one
+
+---------
+
+Co-authored-by: Quentin Pradet <quentin.pradet@gmail.com>
+Co-authored-by: Seth Michael Larson <sethmichaellarson@gmail.com>
+---
+ CHANGES.rst                                |   9 ++
+ docs/reference/contrib/emscripten.rst      |   2 +-
+ dummyserver/app.py                         |   1 +
+ src/urllib3/poolmanager.py                 |  18 +++-
+ test/contrib/emscripten/test_emscripten.py |  16 ++++
+ test/test_poolmanager.py                   |   5 +-
+ test/with_dummyserver/test_poolmanager.py  | 101 +++++++++++++++++++++
+ 7 files changed, 148 insertions(+), 4 deletions(-)
+
+Index: python-pip-25.1.1+dfsg/src/pip/_vendor/urllib3/poolmanager.py
+===================================================================
+--- python-pip-25.1.1+dfsg.orig/src/pip/_vendor/urllib3/poolmanager.py
++++ python-pip-25.1.1+dfsg/src/pip/_vendor/urllib3/poolmanager.py
+@@ -170,6 +170,22 @@ class PoolManager(RequestMethods):
+ 
+     def __init__(self, num_pools=10, headers=None, **connection_pool_kw):
+         RequestMethods.__init__(self, headers)
++        if "retries" in connection_pool_kw:
++            retries = connection_pool_kw["retries"]
++            if not isinstance(retries, Retry):
++                # When Retry is initialized, raise_on_redirect is based
++                # on a redirect boolean value.
++                # But requests made via a pool manager always set
++                # redirect to False, and raise_on_redirect always ends
++                # up being False consequently.
++                # Here we fix the issue by setting raise_on_redirect to
++                # a value needed by the pool manager without considering
++                # the redirect boolean.
++                raise_on_redirect = retries is not False
++                retries = Retry.from_int(retries, redirect=False)
++                retries.raise_on_redirect = raise_on_redirect
++                connection_pool_kw = connection_pool_kw.copy()
++                connection_pool_kw["retries"] = retries
+         self.connection_pool_kw = connection_pool_kw
+         self.pools = RecentlyUsedContainer(num_pools)
+ 
+@@ -389,7 +405,7 @@ class PoolManager(RequestMethods):
+             kw["body"] = None
+             kw["headers"] = HTTPHeaderDict(kw["headers"])._prepare_for_method_change()
+ 
+-        retries = kw.get("retries")
++        retries = kw.get("retries", response.retries)
+         if not isinstance(retries, Retry):
+             retries = Retry.from_int(retries, redirect=redirect)
+ 
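Review bot: In the second embedded hunk of the new patch file, `retries = kw.get("retries", response.retries)` falls back to the response's retry state only when the key is absent, so a caller that passes `retries=None` explicitly still hands `None` to `Retry.from_int(retries, redirect=redirect)` on the following line. If `from_int` maps `None` to a default policy (its body is not shown here), the pool-level setting normalised in `__init__` would not govern that request's redirect handling. This is worth confirming against upstream and, if it holds, raising there rather than diverging in the backport; the change would be `retries = kw.get("retries")` followed by `if retries is None: retries = response.retries`. The enclosing method starts and ends outside the hunk. Separately, the header keeps upstream's seven-file diffstat while only `poolmanager.py` is patched, so a line under `Backport of:` stating that the upstream tests and docs were dropped would make it clear that the redirect regression tests are not part of this upload.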
diff -pruN 25.1.1+dfsg-1/debian/patches/series 25.1.1+dfsg-1ubuntu1/debian/patches/series
--- 25.1.1+dfsg-1/debian/patches/series	2025-05-02 16:51:29.000000000 +0000
+++ 25.1.1+dfsg-1ubuntu1/debian/patches/series	2025-06-26 13:18:46.000000000 +0000
@@ -5,3 +5,4 @@ certifi-debian-ca-certificates.patch
 no-sphinxcontrib.towncrier.patch
 intersphinx.patch
 pip3-manpages.patch
+CVE-2025-50181.patch
