This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author ned.deily
Recipients arunman, ned.deily
Date 2021-08-02.06:42:14
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1627886534.88.0.083205730526.issue44804@roundup.psfhosted.org>
In-reply-to
Content 
Sorry you are running into this problem. Alas, Python 3.6 has been in the "security-fix-only" phase of its life cycle for over 2.5 years now and will reach end-of-life in several months at the end of 2021. Our criteria for changes to a "security" branch are:
"The only changes made to a security branch are those fixing issues exploitable by attackers such as crashes, privilege escalation and, optionally, other issues such as denial of service attacks. Any other changes are not considered a security risk and thus not backported to a security branch."

The problem referenced here does not seem to meet those criteria and thus the original fix was not considered for backporting to current security branches, i.e. 3.8, 3.7, and 3.6. Unless it can be shown that the problem can be exploited as an attack vector, it is not eligible to be officially backported to 3.6.

However, there is nothing stopping either you or a downstream supplier of Python 3.6 (like RedHat) from backporting it yourselves.

https://devguide.python.org/devcycle/#security-branches
History
Date User Action Args
2021-08-02 06:42:14ned.deilysetrecipients: + ned.deily, arunman
2021-08-02 06:42:14ned.deilysetmessageid: <1627886534.88.0.083205730526.issue44804@roundup.psfhosted.org>
2021-08-02 06:42:14ned.deilylinkissue44804 messages
2021-08-02 06:42:14ned.deilycreate