Your message dated Sun, 03 Mar 2024 13:17:26 +0000
with message-id <[email protected]>
and subject line Bug#1050843: fixed in python3.11 3.11.2-6+deb12u1
has caused the Debian Bug report #1050843,
regarding Use-after-free crash when deallocating a frame object
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1050843: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050843
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python3.11
Version: 3.11.2-6
Tags: bookworm fixed-upstream patch upstream

Python 3.11.0 through 3.11.4 have a use-after-free condition when deallocating 
a stack frame object, manifesting as a SIGSEGV crash under certain conditions 
on the current position of the stack pointer and the number and depth of 
allocated objects. This potentially affects any Python application, and is 
known to affect the Zulip chat server.

This is a regression from 3.10.x (hence also from 3.9.x in Debian 11), and is 
fixed in 3.11.5 which is now in Debian testing. Please apply this fix in Debian 
12.

Upstream issue: https://github.com/python/cpython/issues/106092
Test case: https://github.com/andersk/python-segfault
Patch from 3.11.5: https://github.com/python/cpython/pull/107533

Thanks,
Anders

--- End Message ---
--- Begin Message ---
Source: python3.11
Source-Version: 3.11.2-6+deb12u1
Done: Stefano Rivera <[email protected]>

We believe that the bug you reported is fixed in the latest version of
python3.11, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefano Rivera <[email protected]> (supplier of updated python3.11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 02 Mar 2024 16:28:50 -0400
Source: python3.11
Architecture: source
Version: 3.11.2-6+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Matthias Klose <[email protected]>
Changed-By: Stefano Rivera <[email protected]>
Closes: 1050843
Changes:
 python3.11 (3.11.2-6+deb12u1) bookworm; urgency=medium
 .
   [ Anders Kaseorg ]
   * Fix a use-after-free crash when deallocating a frame object
     (closes: #1050843).
Checksums-Sha1:
 ddf70a69bf88f06efff63171b9b3688664e77ede 3199 python3.11_3.11.2-6+deb12u1.dsc
 2ff7abe11ab9650ee90c22be87ca787c9eafac8f 213972 
python3.11_3.11.2-6+deb12u1.debian.tar.xz
 1752dd08056344b26a5ce283b229e362600663c9 9929 
python3.11_3.11.2-6+deb12u1_source.buildinfo
Checksums-Sha256:
 19408998ba5f35d75b0df7dba099c7d0e3401146bca5046f8504f403d5351f29 3199 
python3.11_3.11.2-6+deb12u1.dsc
 e4dafcc39a4023fdeb203cb570c0f83a48ebfc9107435e65eb4c88139ba8ac92 213972 
python3.11_3.11.2-6+deb12u1.debian.tar.xz
 25b24a6cdc723a5bacfab0693a0ee2e7823a5c545cad50053d236ee8696491ad 9929 
python3.11_3.11.2-6+deb12u1_source.buildinfo
Files:
 79659442c26470187594554306ed2c29 3199 python optional 
python3.11_3.11.2-6+deb12u1.dsc
 24b4bf72610899a67ea1db0399df7ccb 213972 python optional 
python3.11_3.11.2-6+deb12u1.debian.tar.xz
 6781ff95db1076b4443c8f50c1a1838b 9929 python optional 
python3.11_3.11.2-6+deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCZeOMKxQcc3RlZmFub3JA
ZGViaWFuLm9yZwAKCRBHew2wJjpU2JBTAP0TGLfkJoBD5t71My4pdQJW6nSNcpZT
Yw8as8XKZMgCnAD/QCWDFg7UslDwVWhpFp2hgw9aDyNM26JAAARgCiQxtgk=
=NNSN
-----END PGP SIGNATURE-----

Attachment: pgpSsiQSJ8evJ.pgp
Description: PGP signature


--- End Message ---

Reply via email to