[Python-Dev] Proposed dates for Python 3.4.10 and Python 3.5.7

Miro Hrončok mhroncok at redhat.com
Fri Feb 15 06:01:15 EST 2019

On 15. 02. 19 3:29, Larry Hastings wrote:
> If you have 
> anything you think needs to go into the next 3.5, or the final 3.4, and it's 
> /not/ listed above, please either file a GitHub PR, file a release-blocker bug 
> on bpo, or email me directly.

I've checked Fedora CVE bugs against python 3.4 and 3.5. Here is one missing I 

CVE-2018-20406 https://bugs.python.org/issue34656
memory exhaustion in Modules/_pickle.c:1393
Marked as resolved, but I don't see it fixed on 3.5 or 3.4.

Should we get it fixed? openSUSE AFAK has backported the patch.

Miro Hrončok
Phone: +420777974800
IRC: mhroncok

More information about the Python-Dev mailing list