Log Message:
python38 py38-html-docs: updated to 3.8.16

Python 3.8.16 final

Security
gh-100001: python -m http.server no longer allows terminal control characters \ 
sent within a garbage request to be printed to the stderr server log.

This is done by changing the http.server BaseHTTPRequestHandler .log_message \ 
method to replace control characters with a \xHH hex escape before printing.
gh-87604: Avoid publishing list of active per-interpreter audit hooks via the gc \ 
module
gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio \ 
related name resolution functions no longer involves a quadratic algorithm. This \ 
prevents a potential CPU denial of service if an out-of-spec excessive length \ 
hostname involving bidirectional characters were decoded. Some protocols such as \ 
urllib http 3xx redirects potentially allow for an attacker to supply such a \ 
name.
gh-98739: Update bundled libexpat to 2.5.0
gh-98517: Port XKCP’s fix for the buffer overflows in SHA-3 (CVE-2022-37454).
gh-68966: The deprecated mailcap module now refuses to inject unsafe text \ 
(filenames, MIME types, parameters) into shell commands. Instead of using such \ 
text, it will warn and act as if a match was not found (or for test commands, as \ 
if the test failed).