On Sun, Feb 01, 2026 at 10:47:59PM +0100, Andrej Shadura wrote:
> Hi,
>
> As part of my work on Debian LTS, I’ve fixed these CVEs in Python 3.9,
> so I went ahead and backported fixes for them for Python 3.11 as well.

CVE-2022-37454 doesn't affect python3.11, this was fixed upstream before
3.11 was branched off.

And there's several cases like e.g. for CVE-2025-11468:
|Origin: backport, https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2

Why didn't you use the corresponding fixes from the 3.11 branch instead
(where applicable for the issues which were fixed in 3.11)? E.g. for
CVE-2025-11468 that would be
https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0

Cheers,
Moritz

