Hi, I checked the vulnerabilities that I'm tracking at https://python-security.readthedocs.io/vulnerabilities.html
I noticed that https://bugs.python.org/issue39603 "http.client: HTTP Header Injection in the HTTP method" lacks a fix in the 3.5 branch. I backported the fix to 3.5: https://github.com/python/cpython/pull/21946 Victor Le sam. 22 août 2020 à 05:23, Larry Hastings <[email protected]> a écrit : > > > On behalf of the Python development community, I'm pleased to finally > announce the availability of Python 3.5.10rc1. > > Python 3.5 is in "security fixes only" mode. This new version only contains > security fixes, not conventional bug fixes, and it is a source-only release. > > Important Notice: The latest releases of Linux (Ubuntu 20.04, Fedora 32) ship > with a new version of OpenSSL. New versions of OpenSSL often include > upgraded configuration requirements to maintain network security; this new > version no longer finds Python 3.5's OpenSSL configuration acceptable. As a > result, most or all secure-transport networking libraries are broken in this > release on systems where this new version of OpenSSL is deployed. This > means, for example, that seven (7) of the regression tests in the test suite > now regularly fail. Older versions of Linux, with older versions of OpenSSL > installed, are unaffected. We're aware of the problem. Unfortunately, as > 3.5 is nearly completely out of support, it has become very low priority, and > we've been unable to find the resources to get the problem fixed. It's > possible that these problems simply won't be fixed in 3.5 before it reaches > its end-of-life. As always we recommend upgrading to the latest Python > release wherever possible. > > > You can find Python 3.5.10rc1 here: > > https://www.python.org/downloads/release/python-3510rc1/ > > > > Cheers, > > > /arry > _______________________________________________ > python-committers mailing list -- [email protected] > To unsubscribe send an email to [email protected] > https://mail.python.org/mailman3/lists/python-committers.python.org/ > Message archived at > https://mail.python.org/archives/list/[email protected]/message/3Z6X4LPSNRHHW4QPLLAVSNYY6CS6DDNR/ > Code of Conduct: https://www.python.org/psf/codeofconduct/ -- Night gathers, and now my watch begins. It shall not end until my death. _______________________________________________ Python-Dev mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/[email protected]/message/KARM2WRI5HVDP4WGOMWH3INW2QKI7Z3C/ Code of Conduct: http://python.org/psf/codeofconduct/