Roundup Robot added the comment:
New changeset 4ca84a3e37d7 by Benjamin Peterson in branch '2.7':
do not decref value borrowed from list (closes #27774)
https://hg.python.org/cpython/rev/4ca84a3e37d7
New changeset cbf2a05648b3 by Benjamin Peterson in branch '3.3':
do not decref value borrowed
New submission from Benjamin Peterson:
Thomas E Hybel reports:
This vulnerability exists in the function _sre_SRE_Match_groupdict_impl which
resides in the /Modules/_sre.c file.
The problem is that the code calls Py_DECREF(key); without having done a
corresponding Py_INCREF on the key.
Here's