Repeating from sibling post to make sure I'm not leaving any misinformation spread.
It looks like they finished fixing it last week and it looks like it was only a high. When I first ran into it in audit reports python said it wasn't a defect in python, just how it was used, but they would change it in 3.11.4 but no official backports. The bugzilla issue for 7 and 8 said they couldn't fix it without breaking things, so they wouldn't. It seems they found a way. https://access.redhat.com/security/cve/cve-2023-24329
It looks like they finished fixing it last week and it looks like it was only a high. When I first ran into it in audit reports python said it wasn't a defect in python, just how it was used, but they would change it in 3.11.4 but no official backports. The bugzilla issue for 7 and 8 said they couldn't fix it without breaking things, so they wouldn't. It seems they found a way. https://access.redhat.com/security/cve/cve-2023-24329