Our Python 3.6.5 package is vulnerable to CVE-2018-14647, fixed in CPython commit f7666e828cc3d5873136473ea36ba2013d624fa1, released in v3.6.7rc1: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647