Package: python3.11 Version: 3.11.2-6 Tags: bookworm fixed-upstream patch upstream
Python 3.11.0 through 3.11.4 have a use-after-free condition when deallocating a stack frame object, manifesting as a SIGSEGV crash under certain conditions on the current position of the stack pointer and the number and depth of allocated objects. This potentially affects any Python application, and is known to affect the Zulip chat server. This is a regression from 3.10.x (hence also from 3.9.x in Debian 11), and is fixed in 3.11.5 which is now in Debian testing. Please apply this fix in Debian 12. Upstream issue: https://github.com/python/cpython/issues/106092 Test case: https://github.com/andersk/python-segfault Patch from 3.11.5: https://github.com/python/cpython/pull/107533 Thanks, Anders