Bug 1708419 - Update Python 3 to 3.6.9 [rhscl-3.4.0]
Summary: Update Python 3 to 3.6.9 [rhscl-3.4.0]
Alias: None
Product: Red Hat Software Collections
Classification: Red Hat
Component: python
Version: rh-python36
Hardware: Unspecified
OS: Unspecified
Target Milestone: alpha
: 3.3
Assignee: Python Maintainers
QA Contact: RHEL CS Apps Subsystem QE
Depends On:
Blocks: 1563452 1563488 1636841 1670066 1709344 1709350 1709351 1709355 1709356
TreeView+ depends on / blocked
Reported: 2019-05-09 20:28 UTC by Charalampos Stratakis
Modified: 2019-12-19 16:50 UTC (History)
4 users (show)

Fixed In Version: rh-python36-python-3.6.9-1.el6 rh-python36-python-3.6.9-1.el7
Doc Type: Rebase: Bug Fixes Only
Doc Text:
The following packages have been upgraded to a later upstream version: rh-python36-python (3.6.9). (BZ#1709344) Security Fix(es): * python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) * python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) * python: Cookie domain check returns incorrect results (CVE-2018-20852) * python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010) * python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) * python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) * python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056) * python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) * python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data (CVE-2018-20406) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * urlsplit doesn't accept a NFKD hostname with a port number (BZ#1709340) * rh-python36 cannot unpickle datetime.date objects (BZ#1749103)
Clone Of:
: 1709344 (view as bug list)
Last Closed: 2019-12-19 16:50:34 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Charalampos Stratakis 2019-05-09 20:28:43 UTC
The latest version of the 3.6 series offers numerous bug fixes, including the resolution of many security issues. It will also align the RHEL 8 python3 version with Software Collections.

Changelog: https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-8-final

Comment 2 Tomas Orsava 2019-08-29 10:42:22 UTC
Hey Charris,
just FYI this bug already has an Errata created in advance: https://errata.devel.redhat.com/errata/details/42492
If it's not appropriate, let me know, we can close it.

Note You need to log in before you can comment on or make changes to this bug.