[3.10] main/python3: security upgrade to 3.7.10
Python 3.7.7 is vulnerable to the following CVEs, some of which have been addressed by cherry-picking upstream patches:
- CVE-2020-8492
- CVE-2020-14422 (
CVE-2020-14422.patch
) - CVE-2020-26116
- CVE-2021-3177 (
d9b8f138b7df3b455b54653ca59f491b4840d6fa.patch
) - CVE-2021-23336
Upgrade to Python 3.7.10, which includes fixes for all of these CVEs (thereby making d9b8f138b7df3b455b54653ca59f491b4840d6fa.patch
and CVE-2020-14422.patch
redundant) and also includes the fix for test_nntplib
in test_nntplib.patch
.
The impetus for bumping the version number here is because some container security scanning tools are still identifying Alpine 3.10 as vulnerable to CVE-2021-3177, the fix in 7691cb5e notwithstanding.