ALAS-2020-1454

Related Vulnerabilities: CVE-2020-26116  


Amazon Linux AMI Security Advisory: ALAS-2020-1454
Advisory Release Date: 2020-11-16 17:59 Pacific
Advisory Updated Date: 2020-11-16 20:45 Pacific
Severity: Medium
References: CVE-2020-26116 

Issue Overview:

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. (CVE-2020-26116)


Affected Packages:

python27, python34, python35


Issue Correction:
Run yum update python27 to update your system.
Run yum update python34 to update your system.
Run yum update python35 to update your system.
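
An added example, not part of the advisory or of the Python project's code: after the updates above, `runtime_rejects_control_chars()` checks without opening a connection whether the installed `http.client` refuses CR/LF in the request method, and `checked_method()` / `safe_request()` guard application code that takes the method from untrusted input. The allowlist and all function names are assumptions chosen for illustration; the code targets Python 3.

```python
import http.client
import re

# RFC 7230 "token" characters: the only characters a request method may contain.
_TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Hypothetical application allowlist; adjust to the methods your client sends.
ALLOWED_METHODS = frozenset(
    {"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"})


def checked_method(method):
    """Return method unchanged, or raise ValueError if it is unsafe."""
    if not isinstance(method, str) or not _TOKEN_RE.fullmatch(method):
        raise ValueError("HTTP method is not a valid token: %r" % (method,))
    if method not in ALLOWED_METHODS:
        raise ValueError("HTTP method not in allowlist: %r" % (method,))
    return method


def safe_request(conn, method, url, body=None, headers=None):
    """Wrapper for HTTPConnection.request that validates the method first."""
    conn.request(checked_method(method), url, body=body, headers=headers or {})


def runtime_rejects_control_chars():
    """True if this interpreter's http.client refuses CR/LF in the method.

    putrequest() only fills an in-memory buffer, so no connection is opened.
    """
    conn = http.client.HTTPConnection("localhost")
    try:
        conn.putrequest("GET\r\nX-Probe: 1", "/")  # constructed probe value
    except ValueError:
        return True   # patched: method validation raised
    finally:
        conn.close()
    return False      # unpatched: the request line was buffered as-is


if __name__ == "__main__":
    print("http.client rejects control characters in method:",
          runtime_rejects_control_chars())
    # Constructed sample inputs: one valid method and three that must be refused.
    for m in ("GET", "get", "GET\r\nHost: other", "DELETE "):
        try:
            print(repr(m), "->", checked_method(m))
        except ValueError as exc:
            print(repr(m), "-> rejected:", exc)
```

A `False` result from `runtime_rejects_control_chars()` means the interpreter running the script still carries the unpatched `http.client`.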

New Packages:
i686:
    python35-tools-3.5.10-1.29.amzn1.i686
    python35-devel-3.5.10-1.29.amzn1.i686
    python35-debuginfo-3.5.10-1.29.amzn1.i686
    python35-3.5.10-1.29.amzn1.i686
    python35-test-3.5.10-1.29.amzn1.i686
    python35-libs-3.5.10-1.29.amzn1.i686
    python27-tools-2.7.18-2.140.amzn1.i686
    python27-test-2.7.18-2.140.amzn1.i686
    python27-devel-2.7.18-2.140.amzn1.i686
    python27-libs-2.7.18-2.140.amzn1.i686
    python27-debuginfo-2.7.18-2.140.amzn1.i686
    python27-2.7.18-2.140.amzn1.i686
    python34-tools-3.4.10-1.53.amzn1.i686
    python34-3.4.10-1.53.amzn1.i686
    python34-debuginfo-3.4.10-1.53.amzn1.i686
    python34-libs-3.4.10-1.53.amzn1.i686
    python34-test-3.4.10-1.53.amzn1.i686
    python34-devel-3.4.10-1.53.amzn1.i686

src:
    python35-3.5.10-1.29.amzn1.src
    python27-2.7.18-2.140.amzn1.src
    python34-3.4.10-1.53.amzn1.src

x86_64:
    python35-devel-3.5.10-1.29.amzn1.x86_64
    python35-test-3.5.10-1.29.amzn1.x86_64
    python35-tools-3.5.10-1.29.amzn1.x86_64
    python35-libs-3.5.10-1.29.amzn1.x86_64
    python35-3.5.10-1.29.amzn1.x86_64
    python35-debuginfo-3.5.10-1.29.amzn1.x86_64
    python27-libs-2.7.18-2.140.amzn1.x86_64
    python27-debuginfo-2.7.18-2.140.amzn1.x86_64
    python27-test-2.7.18-2.140.amzn1.x86_64
    python27-devel-2.7.18-2.140.amzn1.x86_64
    python27-tools-2.7.18-2.140.amzn1.x86_64
    python27-2.7.18-2.140.amzn1.x86_64
    python34-debuginfo-3.4.10-1.53.amzn1.x86_64
    python34-3.4.10-1.53.amzn1.x86_64
    python34-devel-3.4.10-1.53.amzn1.x86_64
    python34-tools-3.4.10-1.53.amzn1.x86_64
    python34-test-3.4.10-1.53.amzn1.x86_64
    python34-libs-3.4.10-1.53.amzn1.x86_64