]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8ad8287) | patch
[3.13] gh-143935: Email preserve parens when folding comments (GH-143936) (#144035)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Sun, 25 Jan 2026 17:09:53 +0000 (18:09 +0100)
committerGitHub <noreply@github.com>
Sun, 25 Jan 2026 17:09:53 +0000 (17:09 +0000)
commitf738386838021c762efea6c9802c82de65e87796
tree1a5b96fdda42553d81dacc6145e8b713cd219febtree | snapshot
parent8ad828750fe2df124c2c522fafee9a041efb6ee7commit | diff
[3.13] gh-143935: Email preserve parens when folding comments (GH-143936) (#144035)

gh-143935: Email preserve parens when folding comments (GH-143936)

Fix a bug in the folding of comments when flattening an email message
using a modern email policy. Comments consisting of a very long sequence of
non-foldable characters could trigger a forced line wrap that omitted the
required leading space on the continuation line, causing the remainder of
the comment to be interpreted as a new header field. This enabled header
injection with carefully crafted inputs.
(cherry picked from commit 17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2)

Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Denis Ledoux <dle@odoo.com>
Lib/email/_header_value_parser.py diff | blob | blame | history
Lib/test/test_email/test__header_value_parser.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2026-01-16-14-40-31.gh-issue-143935.U2YtKl.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git