-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 14 Apr 2026 11:38:32 +0700 Source: python3.9 Architecture: source Version: 3.9.2-1+deb11u6 Distribution: bullseye-security Urgency: medium Maintainer: Matthias Klose <doko@debian.org> Changed-By: Arnaud Rebillout <arnaudr@debian.org> Changes: python3.9 (3.9.2-1+deb11u6) bullseye-security; urgency=medium . * Revert fixes for CVE-2025-15366 and CVE-2025-15367. It was found that those changes break backward compatibility, and upstream didn't backport it to any branch. More details can be found in discussions on the upstream bugtracker (issues and merge requests). * Apply upstream patch for the following CVE: - CVE-2026-6100: Use-after-free (UAF) was possible in the `lzma.LZMADecompressor` and `bz2.BZ2Decompressor` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. Checksums-Sha1: f534396f43d3c3ef756ede8b0360fbd1483911ab 3641 python3.9_3.9.2-1+deb11u6.dsc 110ca5bca7989f9558a54ee6762e6774a4b9644a 18889164 python3.9_3.9.2.orig.tar.xz 25ff6a4fd8aefdeca6d65a26a2f3a0787ae95d61 301892 python3.9_3.9.2-1+deb11u6.debian.tar.xz 5210bb177bd01089553305ae774e1b35af572bc9 6477 python3.9_3.9.2-1+deb11u6_source.buildinfo Checksums-Sha256: edf7deac304a1c6d1aa5840086e3ce3d4740a6a4fe81b08c71396dc78bd37976 3641 python3.9_3.9.2-1+deb11u6.dsc 3c2034c54f811448f516668dce09d24008a0716c3a794dd8639b5388cbde247d 18889164 python3.9_3.9.2.orig.tar.xz 0908a871b76cd13febe8eb03737e1df8fd6ffdf46acd7c9ed7bc252b9d4006be 301892 python3.9_3.9.2-1+deb11u6.debian.tar.xz 3966af25caa070aaa0ba97a960e0877e04e9143f2b1c628053e57c6e0fe9b5f9 6477 python3.9_3.9.2-1+deb11u6_source.buildinfo Files: 03291ad807e1149fe61d9e0916cea3e5 3641 python optional python3.9_3.9.2-1+deb11u6.dsc f0dc9000312abeb16de4eccce9a870ab 18889164 python optional python3.9_3.9.2.orig.tar.xz ab89e5f6e1db3f37339922895b804ab5 301892 python optional python3.9_3.9.2-1+deb11u6.debian.tar.xz 04b21122f31c4477c317de48146a8198 6477 python optional python3.9_3.9.2-1+deb11u6_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJHBAEBCgAxFiEE0Kl7ndbut+9n4bYs5yXoeRRgAhYFAmnfXIgTHGFybmF1ZHJA ZGViaWFuLm9yZwAKCRDnJeh5FGACFh8fD/9sS+52BZTo69cCRbZG03il3VmIr5F9 6XiGdTyzjH0JrxMNTIkaVLWbFb5GMTdHtSEJT4G9FAZ+pFjLbPykGZVsZ4cDz7/3 OCYDfQCXRiZe4tryzUIZ9x2B9QdVo4a2+WXRfPN3krnMH/nvarYjeVsB/vqhqF9J lLEDHEMi9ZES8MSTOqQhiiMztGJxOycqgUlPRoUzTq9iYu7UhpWUbMoww5MLEJqF SHG3FQnMZj0n1FWLkhrjnaRAnBCqURcYk8kHNcaJbgFflM4JGvSsWifM7XAbuEDV e9KYoFKR95kUKcpCcDg22JaUW0X64Jzs7togPB3THN+zqPL7vZiB8sxvjMXWxpk3 3NNWUnptwYEAIFNt7egwIANts1pZZsEIS/FJk7VgQ7b1kKDld6QcmX+aHuoCWLJP dQXTw31zrB+UzsGd1UN1b/HyPMv2y3l4EBei6BjLLbF7cfU6Fe2G8VLnqspU8A1d Gbj4U/q0z5CtML6FBFhz9eksnzm0VKLKLLdkQhn6iZUqotWaoB2jOZYL1Yb0Er4k NYHkXTmiBM2kkpVSAAt06MtvSl5WOfNJw/GUx/jGo/K5PkVPCgqyG4LcaX7E5EHA C6GzfU5LDxCt+Zq6e4mzdOIz/vn1HF5IfOipHSSwhQSVYr16Zo4CH+TlN8x6YvSU hxAC4HDnnibRmw== =ACtT -----END PGP SIGNATURE-----
