diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch
index d479c41..f503988 100644
--- a/CVE-2024-9287-venv_path_unquoted.patch
+++ b/CVE-2024-9287-venv_path_unquoted.patch
@@ -1,32 +1,31 @@
-From b6a3bbd155c558cdcda482629073e492437db3d0 Mon Sep 17 00:00:00 2001
-From: y5c4l3 <y5c4l3@proton.me>
-Date: Sat, 28 Sep 2024 02:09:07 +0800
-Subject: [PATCH] Quote template strings in `venv` activation scripts
+From ae0d64cb185900712c40a65d7d8aa118f9903d57 Mon Sep 17 00:00:00 2001
+From: Victor Stinner <vstinner@python.org>
+Date: Fri, 1 Nov 2024 14:11:47 +0100
+Subject: [PATCH] [3.11] gh-124651: Quote template strings in `venv` activation
+ scripts (GH-124712) (GH-126185) (#126269)
 
-This patch properly quotes template strings in `venv` activation
-scripts. This mitigates potential command injection.
-
-Signed-off-by: y5c4l3 <y5c4l3@proton.me>
+(cherry picked from commit ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97)
 ---
  Lib/test/test_venv.py                                                   |   81 ++++++++++
  Lib/venv/__init__.py                                                    |   42 ++++-
  Lib/venv/scripts/common/activate                                        |    6 
- Lib/venv/scripts/nt/activate.bat                                        |    6 
+ Lib/venv/scripts/nt/activate.bat                                        |    4 
  Lib/venv/scripts/posix/activate.csh                                     |    6 
+ Lib/venv/scripts/posix/activate.fish                                    |    6 
  Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst |    1 
- 6 files changed, 128 insertions(+), 14 deletions(-)
+ 7 files changed, 130 insertions(+), 16 deletions(-)
  create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst
 
 --- a/Lib/test/test_venv.py
 +++ b/Lib/test/test_venv.py
-@@ -9,6 +9,7 @@ import ensurepip
- import os
- import os.path
- import re
-+import shlex
- import shutil
- import struct
+@@ -14,6 +14,7 @@ import struct
  import subprocess
+ import sys
+ import tempfile
++import shlex
+ from test.support import (captured_stdout, captured_stderr, requires_zlib,
+                           can_symlink, EnvironmentVarGuard, rmtree,
+                           import_module,
 @@ -85,6 +86,10 @@ class BaseTest(unittest.TestCase):
              result = f.read()
          return result
@@ -178,14 +177,14 @@ Signed-off-by: y5c4l3 <y5c4l3@proton.me>
          return text
  
      def install_scripts(self, context, path):
-@@ -393,6 +424,7 @@ class EnvBuilder:
+@@ -392,6 +423,7 @@ class EnvBuilder:
+                 with open(srcfile, 'rb') as f:
                      data = f.read()
                  if not srcfile.endswith(('.exe', '.pdb')):
++                    context.script_path = srcfile
                      try:
-+                        context.script_path = srcfile
                          data = data.decode('utf-8')
                          data = self.replace_variables(data, context)
-                         data = data.encode('utf-8')
 --- a/Lib/venv/scripts/common/activate
 +++ b/Lib/venv/scripts/common/activate
 @@ -37,11 +37,11 @@ deactivate () {
@@ -222,15 +221,6 @@ Signed-off-by: y5c4l3 <y5c4l3@proton.me>
  
  if not defined PROMPT set PROMPT=$P$G
  
-@@ -16,7 +16,7 @@ if defined _OLD_VIRTUAL_PROMPT set PROMP
- if defined _OLD_VIRTUAL_PYTHONHOME set PYTHONHOME=%_OLD_VIRTUAL_PYTHONHOME%
- 
- set _OLD_VIRTUAL_PROMPT=%PROMPT%
--set PROMPT=__VENV_PROMPT__%PROMPT%
-+set "PROMPT=__VENV_PROMPT__%PROMPT%"
- 
- if defined PYTHONHOME set _OLD_VIRTUAL_PYTHONHOME=%PYTHONHOME%
- set PYTHONHOME=
 @@ -24,7 +24,7 @@ set PYTHONHOME=
  if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH%
  if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH%
@@ -262,6 +252,30 @@ Signed-off-by: y5c4l3 <y5c4l3@proton.me>
  endif
  
  alias pydoc python -m pydoc
+--- a/Lib/venv/scripts/posix/activate.fish
++++ b/Lib/venv/scripts/posix/activate.fish
+@@ -29,10 +29,10 @@ end
+ # Unset irrelevant variables.
+ deactivate nondestructive
+ 
+-set -gx VIRTUAL_ENV "__VENV_DIR__"
++set -gx VIRTUAL_ENV __VENV_DIR__
+ 
+ set -gx _OLD_VIRTUAL_PATH $PATH
+-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH
++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH
+ 
+ # Unset PYTHONHOME if set.
+ if set -q PYTHONHOME
+@@ -52,7 +52,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT"
+         set -l old_status $status
+ 
+         # Output the venv prompt; color taken from the blue of the Python logo.
+-        printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal)
++        printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal)
+ 
+         # Restore the return status of the previous command.
+         echo "exit $old_status" | .
 --- /dev/null
 +++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst
 @@ -0,0 +1 @@
diff --git a/python39.changes b/python39.changes
index b8cc014..6663e1a 100644
--- a/python39.changes
+++ b/python39.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Nov  1 21:16:32 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
+
+- Update CVE-2024-9287-venv_path_unquoted.patch according to the
+  upstream PR gh#python/cpython!126301.
+
 -------------------------------------------------------------------
 Thu Oct 24 16:09:00 UTC 2024 - Matej Cepl <mcepl@cepl.eu>