Stowage/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2026-03-10 06:50:52 +00:00
Code Issues Projects Releases Packages Wiki Activity
cpython/Lib/email
History
Edgar Ramírez Mondragón 003b831566
[3.10] gh-143935: Email preserve parens when folding comments (GH-143936) (#144350) 
Fix a bug in the folding of comments when flattening an email message
using a modern email policy. Comments consisting of a very long sequence of
non-foldable characters could trigger a forced line wrap that omitted the
required leading space on the continuation line, causing the remainder of
the comment to be interpreted as a new header field. This enabled header
injection with carefully crafted inputs.
(cherry picked from commit 17d1490)

Co-authored-by: Seth Michael Larson seth@python.org
Co-authored-by: Denis Ledoux dle@odoo.com

- Issue: Fix folding of long comments of unfoldable characters in email headers #143935

Signed-off-by: Edgar Ramírez Mondragón <edgarrm358@gmail.com>
Co-authored-by: Seth Michael Larson <seth@python.org>
2026-03-02 23:58:52 +00:00
..
mime [3.10] gh-101021: Document binary parameters as bytes (GH-101024). (#101052) 2023-01-14 21:31:59 -08:00
__init__.py #22508: Drop email __version__ string. It no longer means anything. 2014-10-03 13:02:47 -04:00
_encoded_words.py bpo-43323: Fix UnicodeEncodeError in the email module (GH-32137) 2022-04-30 05:31:28 -07:00
_header_value_parser.py [3.10] gh-143935: Email preserve parens when folding comments (GH-143936) (#144350) 2026-03-02 23:58:52 +00:00
_parseaddr.py gh-95087: Fix IndexError in parsing invalid date in the email module (GH-95201) 2022-07-24 23:39:00 -07:00
_policybase.py [3.10] gh-121650: Encode newlines in headers, and verify headers are sound (GH-122233) (#122609) 2024-09-04 17:38:31 +02:00
architecture.rst Fix typos in multiple .rst files (#1668) 2017-05-19 23:37:57 +03:00
base64mime.py bpo-43125: Fix: return expected type (str), not original value (bytes) in email/base64mime.py::body_encode (GH-24476) 2021-03-30 17:37:37 +09:00
charset.py [3.10] gh-77630: Change Charset to charset (GH-92439) (GH-92476) 2022-05-08 08:28:06 -07:00
contentmanager.py [3.10] bpo-45060: Get rid of few uses of the equality operators with None (GH-28087). (GH-28092) 2021-09-03 21:13:00 -04:00
encoders.py #19957: Simplify encode_7or8bit now that _payload is always str. 2013-12-12 21:40:20 -05:00
errors.py [3.10] gh-121650: Encode newlines in headers, and verify headers are sound (GH-122233) (#122609) 2024-09-04 17:38:31 +02:00
feedparser.py bpo-30835: email: Fix AttributeError when parsing invalid CTE (GH-13598) 2019-06-04 11:00:47 -07:00
generator.py [3.10] gh-144125: email: verify headers are sound in BytesGenerator (#144180) 2026-01-25 17:10:00 +00:00
header.py bpo-27737: Allow whitespace only headers encoding (#13478) 2019-05-22 21:13:16 -04:00
headerregistry.py Remove comment about a private email.headerregistry (GH-24233) 2021-02-24 17:21:32 -04:00
iterators.py utilize yield from 2012-10-01 12:53:43 -07:00
message.py [3.10] gh-136063: fix quadratic-complexity parsing in email.message._parseparam (GH-136072) (#140831) 2026-01-25 17:11:05 +00:00
parser.py Fix infinite loop in email folding logic (GH-12732) 2019-07-16 10:50:01 -07:00
policy.py bpo-33524: Fix the folding of email header when max_line_length is 0 or None (#13391) 2019-05-17 15:28:44 -04:00
quoprimime.py bpo-32297: Few misspellings found in Python source code comments. (#4803) 2017-12-14 13:04:53 +02:00
utils.py [3.10] [CVE-2023-27043] gh-102988: Reject malformed addresses in email.parseaddr() (GH-111116) (#123768) 2024-09-06 13:14:22 +02:00