Bug#1109449: marked as done (/usr/share/doc/python3.13/README.debug: Outdated instructions)

[Debian Bug Tracking System]

Your message dated Thu, 11 Jun 2026 02:35:48 +0000
with message-id <e1wxvgm-0000000bgr4-2...@fasolo.debian.org>
and subject line Bug#1109449: fixed in python3.13 3.13.14-1
has caused the Debian Bug report #1109449,
regarding /usr/share/doc/python3.13/README.debug: Outdated instructions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1109449: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109449
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: python3.13-dbg
Version: 3.13.5-2
Severity: normal
File: /usr/share/doc/python3.13/README.debug

The file README.debug starts by explaining:

> For debugging python and extension modules, you may want to add the contents
> of /usr/share/doc/python3.13/gdbinit (found in the python3.13-dev package) to 
> your
> ~/.gdbinit file.

But there is no such file. And it seems that gdb picks up the Python
debugging extensions without extra configuration.

-- System Information:
Debian Release: 13.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.35+deb13-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=nl_BE:nl
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3.13-dbg depends on:
ii  libc6              2.41-9
ii  libexpat1          2.7.1-1
ii  libpython3.13-dbg  3.13.5-2
ii  python3.13         3.13.5-2
ii  zlib1g             1:1.3.dfsg+really1.3.1-1+b1

Versions of packages python3.13-dbg recommends:
ii  gdb  16.3-1

Versions of packages python3.13-dbg suggests:
pn  python3-gdbm-dbg  <none>
pn  python3-tk-dbg    <none>

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: python3.13
Source-Version: 3.13.14-1
Done: Stefano Rivera <stefa...@debian.org>

We believe that the bug you reported is fixed in the latest version of
python3.13, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1109...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefano Rivera <stefa...@debian.org> (supplier of updated python3.13 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 10 Jun 2026 14:10:12 -0400
Source: python3.13
Architecture: source
Version: 3.13.14-1
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klose <d...@debian.org>
Changed-By: Stefano Rivera <stefa...@debian.org>
Closes: 1101810 1109449 1138157
Changes:
 python3.13 (3.13.14-1) unstable; urgency=medium
 .
   * Python 3.13.14.
     - Avoid crash decompressing untrusted bz2 data. CVE-2026-9669.
     - Don't trust server-provided passive connection addresses in ftplib.
       CVE-2026-8328.
     - Don't allow untrusted tarfile extraction to write outside the
       destination. CVE-2026-7774.
     - Protects against DoS in expat XML parsing. CVE-2026-7210.
     - Avoid use-after-free in decompressors under memory pressure.
       CVE-2026-6100.
     - Base64-encode cookie values embedded in JS. CVE-2026-6019.
     - Protect webbrowser %action substitutions. CVE-2026-4786.
     - Avoid DoS in unicode normalization. CVE-2026-3276.
     - Reject CR/LF in HTTP tunnel request headers. CVE-2026-1502.
     - Fixes reference leaks in ssl.Context. Closes: #1138157.
   * Python 3.13.13 resolved some security issues:
     - Avoid launching webbrowser with attacker controlled options.
       CVE-2026-4519.
     - Avoid C stack overflow in Expat parsing with registered
       ElementDeclHandler. CVE-2026-4224.
     - Reject control characters in Morsel cookies. CVE-2026-3644.
     - Base64 decode no longer ignores data after the first padded quad.
       CVE-2026-3446.
     - Ensure io.open_code is used to read .pyc files. CVE-2026-2297.
     - Skip TarInfo DIRTYPE normalization during GNU long name handling.
       CVE-2025-13462.
 .
   [ Matthias Klose ]
   * Explicitly build-depend on uuid-dev. LP: #2147343.
 .
   [ Colin Watson ]
   * Drop libnsl-dev build-dependency, which is superfluous since the nis
     module was removed in Python 3.13.
 .
   [ Stefano Rivera ]
   * Refresh patches.
   * Drop mention of gdbinit from README.debug. Closes: #1109449.
   * Tidy up python3.X-config manpage. Closes: #1101810.
Checksums-Sha1:
 2c8220840437c8d34a9a8063557d19a6c3b09df9 3697 python3.13_3.13.14-1.dsc
 2c448ef334b33b3a2db9bbc70b9b51b312e1cc32 23021880 
python3.13_3.13.14.orig.tar.xz
 5bf5920ac08e02093c783995d216a721fdef4dbc 963 python3.13_3.13.14.orig.tar.xz.asc
 4b88ee232b124eb4f879f1ff4d203fdf5ff1cca3 261180 
python3.13_3.13.14-1.debian.tar.xz
 8b01e1fb0cf68ca9b8546ce34363b6dddd07de52 9583 
python3.13_3.13.14-1_source.buildinfo
Checksums-Sha256:
 03a7b347861b7e56bae6895f6d0d2f3f4101a5e7d7a247d36ef166eabe17cb75 3697 
python3.13_3.13.14-1.dsc
 639e43243c620a308f968213df9e00f2f8f62332f7adbaa7a7eeb9783057c690 23021880 
python3.13_3.13.14.orig.tar.xz
 81335bb62d1321ae78a4c70ebeb33007e126df3510cebe1f6e2b4b5e6adf5414 963 
python3.13_3.13.14.orig.tar.xz.asc
 cadcb15e1b585c0109a4d3807806d9e02178f0e80fdc8a733b0c836cf2a29bb9 261180 
python3.13_3.13.14-1.debian.tar.xz
 f88f1f328fa752e48d8930d9a9dd70c3aff03506cfabe1a6cd5ecb3203a367c4 9583 
python3.13_3.13.14-1_source.buildinfo
Files:
 d0059d89959d79f4d17a824ddc5c60a7 3697 python optional python3.13_3.13.14-1.dsc
 b080786b09a61ab277632259b9031d3f 23021880 python optional 
python3.13_3.13.14.orig.tar.xz
 d2281a8871f8a5b563fc03e544516e15 963 python optional 
python3.13_3.13.14.orig.tar.xz.asc
 f989966b75711da1b2b226a8d3cea4a4 261180 python optional 
python3.13_3.13.14-1.debian.tar.xz
 2d3003f2c823a678db654020114b2bf5 9583 python optional 
python3.13_3.13.14-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCaioYDxQcc3RlZmFub3JA
ZGViaWFuLm9yZwAKCRBHew2wJjpU2NFWAQCgAQW/YK3oVgojFq1myHnnV/YuylTb
HFsugI2VXaibNgD/cwJ3DY8nX0DdyLnXrQ/krBbyGoAbGyHgfaiNUx3xGwI=
=KpCp
-----END PGP SIGNATURE-----

pgpEbF9y3muGR.pgp
Description: PGP signature

--- End Message ---