mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-07-14 23:05:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9
cpython/Lib/email
History
Exact
Miss Islington (bot) 0a66052d8d
[3.11] gh-121284: Fix email address header folding with parsed encoded-word (GH-122754) (GH-131405) 
Email generators using email.policy.default may convert an RFC 2047
encoded-word to unencoded form during header refolding. In a structured
header, this could allow 'specials' chars outside a quoted-string,
leading to invalid address headers and enabling spoofing. This change
ensures a parsed encoded-word that contains specials is kept as an
encoded-word while the header is refolded.

[Better fix from @bitdancer.]

(cherry picked from commit 295b53df2a)

Co-authored-by: Mike Edmunds <medmunds@gmail.com>
Co-authored-by: R David Murray <rdmurray@bitdance.com>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
2025-04-03 18:27:02 +02:00
..
mime [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
__init__.py [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
_encoded_words.py bpo-43323: Fix UnicodeEncodeError in the email module (GH-32137) 2022-04-30 13:17:23 +03:00
_header_value_parser.py [3.11] gh-121284: Fix email address header folding with parsed encoded-word (GH-122754) (GH-131405) 2025-04-03 18:27:02 +02:00
_parseaddr.py gh-95087: Fix IndexError in parsing invalid date in the email module (GH-95201) 2022-07-24 23:40:17 -07:00
_policybase.py [3.11] gh-121650: Encode newlines in headers, and verify headers are sound (GH-122233) (#122608) 2024-09-04 17:37:28 +02:00
architecture.rst Fix typos in multiple .rst files (#1668) 2017-05-19 23:37:57 +03:00
base64mime.py [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
charset.py [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
contentmanager.py bpo-46565: del loop vars that are leaking into module namespaces (GH-30993) 2022-02-03 11:20:08 +02:00
encoders.py [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
errors.py [3.11] gh-121650: Encode newlines in headers, and verify headers are sound (GH-122233) (#122608) 2024-09-04 17:37:28 +02:00
feedparser.py [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
generator.py [3.11] gh-121650: Encode newlines in headers, and verify headers are sound (GH-122233) (#122608) 2024-09-04 17:37:28 +02:00
header.py [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
headerregistry.py bpo-26579: Add object.__getstate__(). (GH-2821) 2022-04-06 20:00:14 +03:00
iterators.py [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
message.py [3.11] gh-76511: Fix email.Message.as_string() for non-ASCII message with ASCII charset (GH-116125) (GH-116365) 2024-03-05 17:32:30 +00:00
parser.py [3.11] gh-102507 Remove invisible pagebreak characters (GH-102531) (#108266) 2023-08-22 08:49:35 +00:00
policy.py [3.11] gh-77749: Fix inconsistent behavior of non-ASCII handling in EmailPolicy.fold() (GH-6986) (GH-114607) 2024-01-26 18:30:50 +02:00
quoprimime.py bpo-46565: del loop vars that are leaking into module namespaces (GH-30993) 2022-02-03 11:20:08 +02:00
utils.py [3.11] [CVE-2023-27043] gh-102988: Reject malformed addresses in email.parseaddr() (GH-111116) (#123767) 2024-09-06 12:46:23 +02:00