Skip to content
  • Chris Novakovic's avatar
    main/python3: security upgrade to 3.7.10 · ff6a3d6c
    Chris Novakovic authored
    Python 3.7.7 is vulnerable to the following CVEs, some of which have
    been addressed by cherry-picking upstream patches:
    
    * CVE-2020-8492
    * CVE-2020-14422 (CVE-2020-14422.patch)
    * CVE-2020-26116
    * CVE-2021-3177 (d9b8f138b7df3b455b54653ca59f491b4840d6fa.patch)
    * CVE-2021-23336
    
    Upgrade to Python 3.7.10, which includes fixes for all of these CVEs
    (thereby making d9b8f138b7df3b455b54653ca59f491b4840d6fa.patch and
    CVE-2020-14422.patch redundant) and also includes the fix for
    test_nntplib in test_nntplib.patch.
    ff6a3d6c