Your message dated Sat, 04 Jul 2026 17:17:06 +0000
with message-id <[email protected]>
and subject line Bug#1108039: fixed in python3.13 3.13.5-2+deb13u3
has caused the Debian Bug report #1108039,
regarding An object referenced only through it's own __dict__ can get collected 
too early
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1108039: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108039
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python3.13
Version: 3.13.5-1
Severity: serious

Hi,

Python 3.13 is affected by this bug, referenced upstream:
https://github.com/python/cpython/issues/130327

The result is, in some cases, an object is garbage collected even if there
is a reference to it in a program.

The consequence for OpenStack Nova (ie: compute) is that spawning a VM
simply does not work. Here's the Nova bug entry:
https://bugs.launchpad.net/nova/+bug/2103413

This happens when Nova (OpenStack compute) tries to get credential from
Keystone (OpenStack auth) to talk to Neutron (OpenStack network), in order
to create a network port. It fails to get such credentials, as the object
keystoneauth1.session.SessionClient is garbaged collected due to the bug in
CPython.

This is only a single identified instance of the bug in Nova, though it is
very probable that we have this kind of troubles with many other Python code
in Trixie.

Stefano identified (bisected) the issue to this commit:
https://github.com/python/cpython/commit/c32dc47aca6e8fac152699bc613e015c44ccdba9

and a possible patch could be this one:
https://github.com/python/cpython/pull/130469/files

This patch hasn't been tested (yet).

I hope my bug report is detailed enough. To me, this is a grave RC bug that
must be fixed before the Trixie release. I'm in fact, *VERY* happy that we
have finally discovered what was going on in Nova and OpenStack, I was
desperating to find out. It looks like I'll only need to upload the latest
Eventlet to fix the remaining troubles when this CPython bug if fixed (more
about this later on in another bug entry...).

Cheers,

Thomas Goirand (zigo)

--- End Message ---
--- Begin Message ---
Source: python3.13
Source-Version: 3.13.5-2+deb13u3
Done: Stefano Rivera <[email protected]>

We believe that the bug you reported is fixed in the latest version of
python3.13, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefano Rivera <[email protected]> (supplier of updated python3.13 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 13 Jun 2026 10:18:01 -0400
Source: python3.13
Architecture: source
Version: 3.13.5-2+deb13u3
Distribution: trixie
Urgency: medium
Maintainer: Matthias Klose <[email protected]>
Changed-By: Stefano Rivera <[email protected]>
Closes: 1108039 1138157
Changes:
 python3.13 (3.13.5-2+deb13u3) trixie; urgency=medium
 .
   [ Stefano Rivera ]
   * Patches:
     - Fix a crash in SNI callback when the SSL object is gone.
     - Fix reference leaks in ssl.SSLContext objects. (Closes: #1138157)
     - Avoid garbage collecting objects too early when sharing __dict__
       (Closes: #1108039)
     - Update the patch for CVE-2026-6019 to use decodeURIComponent.
 .
   [ Moritz Mühlenhoff ]
   * CVE-2026-1502
   * CVE-2026-3276
   * CVE-2026-7774
   * CVE-2026-8328
   * CVE-2026-9669
Checksums-Sha1:
 04defc6b604f4324962dffe506f1d8ffcd8c1e1d 3721 python3.13_3.13.5-2+deb13u3.dsc
 11afa083b71c9f1b5e03a35ba0a7a7525f9255ca 295440 
python3.13_3.13.5-2+deb13u3.debian.tar.xz
 a289325ba76f9b89be35137214e1dc59ff8198fe 9914 
python3.13_3.13.5-2+deb13u3_source.buildinfo
Checksums-Sha256:
 2f6c3f83cd3de0355f4411807871a95f99a0aae9b397daba5dbdbf1bd5169cc8 3721 
python3.13_3.13.5-2+deb13u3.dsc
 8e9ed35b583e093f80fbcd53bf3de9245c8070cc5ea9b36e5f34d3a45bff73e9 295440 
python3.13_3.13.5-2+deb13u3.debian.tar.xz
 dd4e76440279d5275e2661dad7e2657ce5b7c05f1164235a3361d16fda7f824e 9914 
python3.13_3.13.5-2+deb13u3_source.buildinfo
Files:
 7a825a024e6be72b2d096daf406f0312 3721 python optional 
python3.13_3.13.5-2+deb13u3.dsc
 d83b9e9c7ba756c6a2b3a8369d7bbbd5 295440 python optional 
python3.13_3.13.5-2+deb13u3.debian.tar.xz
 955bf77430750e4ce1c003b11239940f 9914 python optional 
python3.13_3.13.5-2+deb13u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCai1myxQcc3RlZmFub3JA
ZGViaWFuLm9yZwAKCRBHew2wJjpU2AAFAQC/F3JT85w/cv6uDk751KeuNCyReRNY
QlgvM6qnf0RDWAEAtEsiiy6Qh1nU40oAxt3nouclvdjzC+Ex3530ULUFjAM=
=nhAp
-----END PGP SIGNATURE-----

Attachment: pgpOdd4tVEI7t.pgp
Description: PGP signature


--- End Message ---

Reply via email to