1708419 – Update Python 3 to 3.6.9 [rhscl-3.4.0]

Bug 1708419 - Update Python 3 to 3.6.9 [rhscl-3.4.0]

Summary: Update Python 3 to 3.6.9 [rhscl-3.4.0]

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Software Collections
Classification:	Red Hat
Component:	python
Sub Component:
Version:	rh-python36
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	alpha
Target Release:	3.3
Assignee:	Python Maintainers
QA Contact:	RHEL CS Apps Subsystem QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1563452 1563488 1636841 1670066 1709344 1709350 1709351 1709355 1709356
TreeView+	depends on / blocked

Reported:	2019-05-09 20:28 UTC by Charalampos Stratakis
Modified:	2019-12-19 16:50 UTC (History)
CC List:	4 users (show)
Fixed In Version:	rh-python36-python-3.6.9-1.el6 rh-python36-python-3.6.9-1.el7
Doc Type:	Rebase: Bug Fixes Only
Doc Text:	The following packages have been upgraded to a later upstream version: rh-python36-python (3.6.9). (BZ#1709344) Security Fix(es): * python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) * python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) * python: Cookie domain check returns incorrect results (CVE-2018-20852) * python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010) * python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) * python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) * python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056) * python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) * python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data (CVE-2018-20406) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * urlsplit doesn't accept a NFKD hostname with a port number (BZ#1709340) * rh-python36 cannot unpickle datetime.date objects (BZ#1749103)
Clone Of:
Clones:	1709344 (view as bug list)
Environment:
Last Closed:	2019-12-19 16:50:34 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Charalampos Stratakis 2019-05-09 20:28:43 UTC

The latest version of the 3.6 series offers numerous bug fixes, including the resolution of many security issues. It will also align the RHEL 8 python3 version with Software Collections.

Changelog: https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-8-final

Comment 2 Tomas Orsava 2019-08-29 10:42:22 UTC

Hey Charris,
just FYI this bug already has an Errata created in advance: https://errata.devel.redhat.com/errata/details/42492
If it's not appropriate, let me know, we can close it.

Note You need to log in before you can comment on or make changes to this bug.