Bug 1708419

Summary: Update Python 3 to 3.6.9 [rhscl-3.4.0]
Product: Red Hat Software Collections Reporter: Charalampos Stratakis <cstratak>
Component: python Assignee: Python Maintainers <python-maint>
Status: CLOSED CURRENTRELEASE QA Contact: RHEL CS Apps Subsystem QE <rhel-cs-apps-subsystem-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rh-python36 CC: bgollahe, hhorak, tborcin, torsava
Target Milestone: alpha Keywords: Rebase
Target Release: 3.3   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: rh-python36-python-3.6.9-1.el6 rh-python36-python-3.6.9-1.el7 Doc Type: Rebase: Bug Fixes Only
Doc Text:
The following packages have been upgraded to a later upstream version: rh-python36-python (3.6.9). (BZ#1709344)

Security Fix(es):
* python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)
* python: Missing salt initialization in _elementtree.c module (CVE-2018-14647)
* python: Cookie domain check returns incorrect results (CVE-2018-20852)
* python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010)
* python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)
* python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)
* python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056)
* python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)
* python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data (CVE-2018-20406)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):
* urlsplit doesn't accept a NFKD hostname with a port number (BZ#1709340)
* rh-python36 cannot unpickle datetime.date objects (BZ#1749103)
Clone Of:
: 1709344 Environment:
Last Closed: 2019-12-19 16:50:34 UTC Type: Bug
Bug Depends On:    
Bug Blocks: 1563452, 1563488, 1636841, 1670066, 1709344, 1709350, 1709351, 1709355, 1709356    

Description Charalampos Stratakis 2019-05-09 20:28:43 UTC
The latest version of the 3.6 series offers numerous bug fixes, including the resolution of many security issues. It will also align the RHEL 8 python3 version with Software Collections.

Changelog: https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-8-final

Comment 2 Tomas Orsava 2019-08-29 10:42:22 UTC
Hey Charris,
just FYI this bug already has an Errata created in advance: https://errata.devel.redhat.com/errata/details/42492
If it's not appropriate, let me know, we can close it.