1. Forum
  2. Newsgroups
  3. comp.lang.python.announce

  • [Python-announce] [RELEASE] Python versions 3.10.7, 3.9.14, 3.8.14, 3.7.14 now available with security content

    From =?utf-8?Q?=C5=81ukasz_Langa?=@lukasz@langa.pl to comp.lang.python.announce on Wed Sep 7 15:12:53 2022
    From Newsgroup: comp.lang.python.announce


    --Apple-Mail=_5F97EBC3-9C38-428E-BC42-935C9EA8E284
    Content-Transfer-Encoding: quoted-printable
    Content-Type: text/plain;
    charset=utf-8

    We have some security content, and plenty of regular bug fixes for 3.10. = Let=E2=80=99s dive right in.

    =
    <https://discuss.python.org/#cve-2020-10735httpscvemitreorgcgi-bincvenamec= ginamecve-2020-10735-1>CVE-2020-10735 = <https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2020-10735>
    Converting between int and str in bases other than 2 (binary), 4, 8 =
    (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a = ValueError = <https://docs.python.org/release/3.10.7/whatsnew/3.10.html#notable-securit= y-feature-in-3-10-7> if the number of digits in string form is above a =
    limit to avoid potential denial of service attacks due to the =
    algorithmic complexity.

    Security releases for 3.9.14, 3.8.14, and 3.7.14 are made available = simultaneously to address this issue, along with some less urgent =
    security content.

    Upgrading your installations is highly recommended.

    <https://discuss.python.org/#python-3107-2>Python 3.10.7

    Get it here:

    https://www.python.org/downloads/release/python-3107/ = <https://www.python.org/downloads/release/python-3107/>


    This bugfix version of Python was released out-of-schedule to address =
    the CVE, and as such contains a smaller number of changes compared to =
    3.10.6 (200 commits), or in fact 3.9.7 (187 commits) at the same stage =
    of the release cycle a year ago. But there=E2=80=99s still over a 100 =
    commits in this latest Python version so it=E2=80=99s worth checking out =
    the change log = <https://docs.python.org/release/3.10.7/whatsnew/changelog.html>.

    =
    <https://discuss.python.org/#and-now-for-something-completely-different-3>=
    And now for something completely different

    In quantum mechanics, the uncertainty principle (also known as = Heisenberg=E2=80=99s uncertainty principle) is any of a variety of = mathematical inequalities asserting a fundamental limit to the accuracy =
    with which the values for certain pairs of physical quantities of a =
    particle, such as position and momentum or the time and the energy can =
    be predicted from initial conditions.

    Such variable pairs are known as complementary variables or canonically = conjugate variables; and, depending on interpretation, the uncertainty = principle limits to what extent such conjugate properties maintain their = approximate meaning, as the mathematical framework of quantum physics =
    does not support the notion of simultaneously well-defined conjugate = properties expressed by a single value.

    The uncertainty principle implies that it is in general not possible to = predict the value of a quantity with arbitrary certainty, even if all =
    initial conditions are specified.

    <https://discuss.python.org/#we-hope-you-enjoy-the-new-releases-4>We =
    hope you enjoy the new releases!

    Thanks to all of the many volunteers who help make Python Development =
    and these releases possible! Please consider supporting our efforts by = volunteering yourself or through organization contributions to the =
    Python Software Foundation.

    Your friendly release team,

    Ned Deily @nad <https://discuss.python.org/u/nad>
    Steve Dower @steve.dower <https://discuss.python.org/u/steve.dower>
    Pablo Galindo Salgado @pablogsal =
    <https://discuss.python.org/u/pablogsal>
    =C5=81ukasz Langa @ambv <https://discuss.python.org/u/ambv>

    --Apple-Mail=_5F97EBC3-9C38-428E-BC42-935C9EA8E284
    Content-Transfer-Encoding: 7bit
    Content-Disposition: attachment;
    filename=signature.asc
    Content-Type: application/pgp-signature;
    name=signature.asc
    Content-Description: Message signed with OpenPGP

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmMYmNUACgkQsmmV4xAl BWi1eQ//UNncZPb0IQdLVo0XXJvd/YlE25KZngMz1pJJVLheYSyYoX25FbaMg05+ IDTb6mYS4CW7G6j0D81Jxtn47GLd1tvHDlW/uzoUsmv1+VtpwLW0VKVENDMsmrOD Vr9+t1KAh/0Mz8n7pX3JTJRvuKs1r6flroV07oKD2gdWaS1VwE6hrz45okCQUF4B dGKIoAEfx2hehCfKzdsVj03TLwJTcBTaaqZoFy813FicmCK2vo5JggW476mcD9zj CBY0X3WAM0Hyejh4h50jb895hXbZVvxwiEuouTE7SnvC6wrfjlbCh0Zs8WT0z4oO Pf/kPhxS/JHDQOe3Fu4LlzNsw3yF6mbKY82hGCaf7fmn5orWMjEiymhVZ5uc4Fu+ Psl6MqdUw3ap2ZlQ83uvSpHyE5gY28eg696cIdokvs4fRvR81Sf+cLLpCxEtbRqE n/Vlp9JNvGRoiWA45JmocOlIxfWtZy5rYVxzSZe8TYk2W7vVOpP1R+e+Pf4uU8yH XkkEjzJDQiGmQ4oN94YKVFHuMXZp6q4UrDGJOn5T1fe+B8UtFPxFr+x6lZKzdVYv hGVJTQSUQef68o0oHtFB09qikRkzF+7GlOrDQVrsWj3Q/IkolGW0rVKGt/AGiMhH RhlQzwJcIVxlT5KSu3O7Ol9A923dbQlyf5rNyijGgowQyXDTsfM=
    =eM0B
    -----END PGP SIGNATURE-----

    --Apple-Mail=_5F97EBC3-9C38-428E-BC42-935C9EA8E284--
    --- Synchronet 3.19c-Linux NewsLink 1.113