diff --git a/main/python3/APKBUILD b/main/python3/APKBUILD
index 8097d75c619..0a906a05ef8 100644
--- a/main/python3/APKBUILD
+++ b/main/python3/APKBUILD
@@ -2,9 +2,9 @@
 # Contributor: Sheila Aman <sheila@vulpine.house>
 pkgname=python3
 # the python3-tkinter's pkgver needs to be synchronized with this.
-pkgver=3.12.8
+pkgver=3.12.9
 _basever="${pkgver%.*}"
-pkgrel=1
+pkgrel=0
 pkgdesc="High-level scripting language"
 url="https://www.python.org/"
 arch="all"
@@ -46,12 +46,13 @@ source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz
 	musl-find_library.patch
 	test_posix-nodev-disable.patch
 	fix-run_fileexflags-test.patch
-	CVE-2024-12254.patch
 	"
 options="net" # Required for tests
 builddir="$srcdir/Python-$pkgver"
 
 # secfixes:
+#   3.12.9-r0:
+#     - CVE-2025-0938
 #   3.12.8-r1:
 #     - CVE-2024-12254
 #   3.12.8-r0:
@@ -267,10 +268,9 @@ pyc2() {
 }
 
 sha512sums="
-406ce1146c4c2c70d252df56bbe9e5970ef469395cbaa211a96af71f32de2cf7abd944906920cc18b4a470027e63a3f64bf7679fb4954b31bf4ca4baf24fa370  Python-3.12.8.tar.xz
+c840b14aa21e6a963d18c06ebaafb551d9c9a101b3866417e762fc4a2fde071a7a25fa257faba2956c7344bbc2413ed61690a712d26fba4d0dbeaa50e49b2574  Python-3.12.9.tar.xz
 46dd8230ee2ab66e9c4157c10b2bd9c414fd7f30be0bee73e21a9eea88f63fff362d47828e0fc77ddc59df097b414b21505f8b5f98bc866381115c58ae3f4862  externally-managed
 ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2  musl-find_library.patch
 606cf7b3df0c81c90571c6bc65e4f07e065867739fa0d36e9c8e1ad2d6bcd64d265f90c4a7881880fc7e0c85eed94d1f72655a5c70d92ca63e5cc4bd3be8f145  test_posix-nodev-disable.patch
 0e1155b1976be46d68fe50161b9644ac272d95c51f44ada51a0fd67a0154df89833752e97cfc85e977b384fca82b58907c30405a103f3a33a1483b9f76ce632f  fix-run_fileexflags-test.patch
-594bca29856d481960c7caae45efcfe64dbc1f53b00d58c1aa560fdedb5d15794db9b66f7f3b6edc9a9b81d553a7299e61063b200e2f2fe52e0028bbc78a78fd  CVE-2024-12254.patch
 "
diff --git a/main/python3/CVE-2024-12254.patch b/main/python3/CVE-2024-12254.patch
deleted file mode 100644
index 985d8762120..00000000000
--- a/main/python3/CVE-2024-12254.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-https://github.com/python/cpython/issues/127655
-
-From 5d355244e7c4f5d64216647ee0bf510dd8dc2bd6 Mon Sep 17 00:00:00 2001
-From: "J. Nick Koston" <nick@koston.org>
-Date: Thu, 5 Dec 2024 22:33:03 -0600
-Subject: [PATCH] gh-127655: Ensure `_SelectorSocketTransport.writelines`
- pauses the protocol if needed (GH-127656)
-
-Ensure `_SelectorSocketTransport.writelines` pauses the protocol if it reaches the high water mark as needed.
-(cherry picked from commit e991ac8f2037d78140e417cc9a9486223eb3e786)
-
-Co-authored-by: J. Nick Koston <nick@koston.org>
-Co-authored-by: Kumar Aditya <kumaraditya@python.org>
----
- Lib/asyncio/selector_events.py                       |  1 +
- Lib/test/test_asyncio/test_selector_events.py        | 12 ++++++++++++
- .../2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst   |  1 +
- 3 files changed, 14 insertions(+)
- create mode 100644 Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
-
-diff --git a/Lib/asyncio/selector_events.py b/Lib/asyncio/selector_events.py
-index 790711f834096b..dd79ad18df3b18 100644
---- a/Lib/asyncio/selector_events.py
-+++ b/Lib/asyncio/selector_events.py
-@@ -1183,6 +1183,7 @@ def writelines(self, list_of_data):
-         # If the entire buffer couldn't be written, register a write handler
-         if self._buffer:
-             self._loop._add_writer(self._sock_fd, self._write_ready)
-+            self._maybe_pause_protocol()
- 
-     def can_write_eof(self):
-         return True
-diff --git a/Lib/test/test_asyncio/test_selector_events.py b/Lib/test/test_asyncio/test_selector_events.py
-index 47693ea4d3ce2e..736c19796ef3fc 100644
---- a/Lib/test/test_asyncio/test_selector_events.py
-+++ b/Lib/test/test_asyncio/test_selector_events.py
-@@ -805,6 +805,18 @@ def test_writelines_send_partial(self):
-         self.assertTrue(self.sock.send.called)
-         self.assertTrue(self.loop.writers)
- 
-+    def test_writelines_pauses_protocol(self):
-+        data = memoryview(b'data')
-+        self.sock.send.return_value = 2
-+        self.sock.send.fileno.return_value = 7
-+
-+        transport = self.socket_transport()
-+        transport._high_water = 1
-+        transport.writelines([data])
-+        self.assertTrue(self.protocol.pause_writing.called)
-+        self.assertTrue(self.sock.send.called)
-+        self.assertTrue(self.loop.writers)
-+
-     @unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg')
-     def test_write_sendmsg_full(self):
-         data = memoryview(b'data')
-diff --git a/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
-new file mode 100644
-index 00000000000000..76cfc58121d3bd
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
-@@ -0,0 +1 @@
-+Fixed the :class:`!asyncio.selector_events._SelectorSocketTransport` transport not pausing writes for the protocol when the buffer reaches the high water mark when using :meth:`asyncio.WriteTransport.writelines`.