This update for python36 fixes the following issues: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen - CVE-2019-20916: Fixed a directory traversal in _download_http_url . - CVE-2020-27619: Fixed an issue where the CJK codec tests call eval on content retrieved via HTTP . - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP . - Working-around missing python-packaging dependency in python-Sphinx is not necessary anymore . - Build of python3 documentation is not independent on the version of Sphinx.