[3.10] main/python3: security upgrade to 3.7.10

Python 3.7.7 is vulnerable to the following CVEs, some of which have been addressed by cherry-picking upstream patches:

  • CVE-2020-8492
  • CVE-2020-14422 (CVE-2020-14422.patch)
  • CVE-2020-26116
  • CVE-2021-3177 (d9b8f138b7df3b455b54653ca59f491b4840d6fa.patch)
  • CVE-2021-23336

Upgrade to Python 3.7.10, which includes fixes for all of these CVEs (thereby making d9b8f138b7df3b455b54653ca59f491b4840d6fa.patch and CVE-2020-14422.patch redundant) and also includes the fix for test_nntplib in test_nntplib.patch.


The impetus for bumping the version number here is that some container security scanning tools are still identifying Alpine 3.10 as vulnerable to CVE-2021-3177, the fix in 7691cb5e notwithstanding.
