Steve Dower <steve.do...@python.org> added the comment:
I marked the PR to backport to 3.7 and 3.8. Up to Benjamin whether 2.7 gets it, but unless there's a specific and impactful CVE that's been fixed, I doubt it (the one linked at the start of this issue seems to require direct modification of the SQL statement, which would be a bug in itself if permitted, so I think it's outside of our threat model for CPython). ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue38380> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com