doc(python-3.1[123]): Add pending-upstream-fix CVE-2025-13836 (#27768)

python-3.11 Upstream Fix PR: python/cpython#142141
python-3.12 Upstream Fix PR: python/cpython#142140
python-3.13 Upstream Fix PR: python/cpython#142139
python-3.13 Local Fix PR: wolfi-dev/os#75166

Signed-off-by: Vivian Rook <vivian.rook@chainguard.dev>

Author: vivian-rook

python-3.11.advisories.yaml

@@ -423,6 +423,10 @@ advisories:
             componentType: apk
             componentLocation: /.PKGINFO
             scanner: grype
+      - timestamp: 2025-12-08T15:06:57Z
+        type: pending-upstream-fix
+        data:
+          note: 'Upstream are actively working on, and have a PR open regarding this issue. Upstream maintainers will need to approve and merge the PR.  Fix PR: https://github.com/python/cpython/pull/142141'
 
   - id: CGA-v7vq-q3hm-p8cq
     aliases:

python-3.12.advisories.yaml

@@ -451,6 +451,10 @@ advisories:
             componentType: apk
             componentLocation: /.PKGINFO
             scanner: grype
+      - timestamp: 2025-12-08T15:07:39Z
+        type: pending-upstream-fix
+        data:
+          note: 'Upstream are actively working on, and have a PR open regarding this issue. Upstream maintainers will need to approve and merge the PR.  Fix PR: https://github.com/python/cpython/pull/142140'
 
   - id: CGA-w8x7-4w8c-66cp
     aliases:

python-3.13.advisories.yaml

@@ -222,6 +222,10 @@ advisories:
             componentType: apk
             componentLocation: /.PKGINFO
             scanner: grype
+      - timestamp: 2025-12-08T15:19:19Z
+        type: pending-upstream-fix
+        data:
+          note: 'Upstream has patched this, but has yet to release a new point version including the patch. Awaiting new release. Patch PR: https://github.com/python/cpython/pull/142139 We have included the patch locally in: https://github.com/wolfi-dev/os/pull/75166'
 
   - id: CGA-gf9w-x54c-mr2x
     aliases: