Log Message:
python36: updated to 3.6.11

Python 3.6.11 final

There were no new changes in version 3.6.11.

Python 3.6.11 release candidate 1

Security
bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments to guard \ 
against header injection attacks.
bpo-38576: Disallow control characters in hostnames in http.client, addressing \ 
CVE-2019-18348. Such potentially malicious header injection URLs now cause a \ 
InvalidURL to be raised.
bpo-39503: CVE-2020-8492: The AbstractBasicAuthHandler class of the \ 
urllib.request module uses an inefficient regular expression which can be \ 
exploited by an attacker to cause a denial of service. Fix the regex to prevent \ 
the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt \ 
Schwager.
bpo-39401: Avoid unsafe load of api-ms-win-core-path-l1-1-0.dll at startup on \ 
Windows 7.

Core and Builtins
bpo-39510: Fix segfault in readinto() method on closed BufferedReader.
bpo-39421: Fix possible crashes when operating with the functions in the heapq \ 
module and custom comparison operators.
Library
bpo-39503: AbstractBasicAuthHandler of urllib.request now parses all \ 
WWW-Authenticate HTTP headers and accepts multiple challenges per header: use \ 
the realm of the first Basic challenge.