Merged
Opened Feb 23, 2021 by Chris Novakovic (@chrisnovakovic)

[3.10] main/python3: security upgrade to 3.7.10

Python 3.7.7 is vulnerable to the following CVEs, some of which have been addressed by cherry-picking upstream patches:

  • CVE-2020-8492
  • CVE-2020-14422 (CVE-2020-14422.patch)
  • CVE-2020-26116
  • CVE-2021-3177 (d9b8f138b7df3b455b54653ca59f491b4840d6fa.patch)
  • CVE-2021-23336

Upgrade to Python 3.7.10, which includes fixes for all of these CVEs (thereby making d9b8f138b7df3b455b54653ca59f491b4840d6fa.patch and CVE-2020-14422.patch redundant) and also includes the fix for test_nntplib in test_nntplib.patch.


The impetus for bumping the version number here is because some container security scanning tools are still identifying Alpine 3.10 as vulnerable to CVE-2021-3177, the fix in 7691cb5e notwithstanding.

Reference: alpine/aports!18681
Source branch: 3.10-stable-python-3.7.10