Here’s a debdiff for 3.11.2-6 in bookworm adding the upstream patch. Anders
________________________________________ From: Anders Kaseorg <ande...@mit.edu> Sent: Tuesday, August 29, 2023 19:12 To: sub...@bugs.debian.org Subject: Use-after-free crash when deallocating a frame object Package: python3.11 Version: 3.11.2-6 Tags: bookworm fixed-upstream patch upstream Python 3.11.0 through 3.11.4 have a use-after-free condition when deallocating a stack frame object, manifesting as a SIGSEGV crash under certain conditions on the current position of the stack pointer and the number and depth of allocated objects. This potentially affects any Python application, and is known to affect the Zulip chat server. This is a regression from 3.10.x (hence also from 3.9.x in Debian 11), and is fixed in 3.11.5 which is now in Debian testing. Please apply this fix in Debian 12. Upstream issue: https://github.com/python/cpython/issues/106092 Test case: https://github.com/andersk/python-segfault Patch from 3.11.5: https://github.com/python/cpython/pull/107533 Thanks, Anders
python3.11_3.11.2-6_frame_dealloc.debdiff
Description: python3.11_3.11.2-6_frame_dealloc.debdiff