Sorry, we only accept the security patch for 3.5-3.7.

I close this PR cc@ericvsmith

ref:https://devguide.python.org/#status-of-python-branches

@corona10 this is assigned aCVE-2020-14422

Pls refer:https://nvd.nist.gov/vuln/detail?vulnId=CVE-2020-14422

Let me know if i am wrong.

@tapakund
Thanks for let me know in this case, we should re-open the PR and the issue :)

As I commented on the bpo issue, please add the CVE to the NEWS item.

Can we get the new build of Python 3.6 which has this fix available publically?

@ned-deily ^^^

@sshuklao Just to be clear, we do not provide builds, as in binary builds, for Python versions, like 3.6, that are in thesecurity-fix phase of their life cycle. For 3.6, our policy has been to provide periodic source-only releases that rollup any new fixes since the previous rollup. The most recent rollup was just a few weeks ago, several days before this fix was published. There is a fix for a different problem that has also been published since then, so we may do the next rollup sooner than usual. We expect that third-party distributors supporting 3.6 will pick up fixes according to their support policies. If you are on your own and/or need the fix immediately, you can always apply the latest fixes yourself from the cpython GitHub repo 3.6 branch, either using git directly (https://github.com/python/cpython/tree/3.6) or you can download a GitHub-produced zip archive of the current state of the branch (https://github.com/python/cpython/archive/3.6.zip).