cpython/Lib/email
Miss Islington (bot) e9970f0772
[3.11] gh-143935: Email preserve parens when folding comments (GH-143936) (#144037)
gh-143935: Email preserve parens when folding comments (GH-143936)

Fix a bug in the folding of comments when flattening an email message
using a modern email policy. Comments consisting of a very long sequence of
non-foldable characters could trigger a forced line wrap that omitted the
required leading space on the continuation line, causing the remainder of
the comment to be interpreted as a new header field. This enabled header
injection with carefully crafted inputs.
(cherry picked from commit 17d1490aa9)

Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Denis Ledoux <dle@odoo.com>
2026-01-25 17:10:38 +00:00
mime [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
__init__.py [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
_encoded_words.py bpo-43323: Fix UnicodeEncodeError in the email module (GH-32137) 2022-04-30 13:17:23 +03:00
_header_value_parser.py [3.11] gh-143935: Email preserve parens when folding comments (GH-143936) (#144037) 2026-01-25 17:10:38 +00:00
_parseaddr.py gh-95087: Fix IndexError in parsing invalid date in the email module (GH-95201) 2022-07-24 23:40:17 -07:00
_policybase.py [3.11] gh-121650: Encode newlines in headers, and verify headers are sound (GH-122233) (#122608) 2024-09-04 17:37:28 +02:00
architecture.rst Fix typos in multiple .rst files (#1668) 2017-05-19 23:37:57 +03:00
base64mime.py [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
charset.py [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
contentmanager.py bpo-46565: del loop vars that are leaking into module namespaces (GH-30993) 2022-02-03 11:20:08 +02:00
encoders.py [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
errors.py [3.11] gh-121650: Encode newlines in headers, and verify headers are sound (GH-122233) (#122608) 2024-09-04 17:37:28 +02:00
feedparser.py [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
generator.py [3.11] gh-144125: email: verify headers are sound in BytesGenerator (#144189) 2026-01-25 17:09:56 +00:00
header.py [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
headerregistry.py bpo-26579: Add object.__getstate__(). (GH-2821) 2022-04-06 20:00:14 +03:00
iterators.py [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
message.py [3.11] gh-136063: fix quadratic-complexity parsing in email.message._parseparam (GH-136072) (GH-140830) 2025-10-31 18:29:53 +01:00
parser.py [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
policy.py [3.11] gh-77749: Fix inconsistent behavior of non-ASCII handling in EmailPolicy.fold() (GH-6986) (GH-114607) 2024-01-26 18:30:50 +02:00
quoprimime.py bpo-46565: del loop vars that are leaking into module namespaces (GH-30993) 2022-02-03 11:20:08 +02:00
utils.py [3.11] [CVE-2023-27043] gh-102988: Reject malformed addresses in email.parseaddr() (GH-111116) (#123767) 2024-09-06 12:46:23 +02:00