[CVE-2019-16056] bpo-34155: Dont parse domains containing @ (GH-13079)
author jpic <jpic@users.noreply.github.com>
Wed, 17 Jul 2019 21:54:25 +0000 (23:54 +0200)
committer DongHun Kwak <dh0128.kwak@samsung.com>
Wed, 13 May 2020 05:45:01 +0000 (14:45 +0900)
commit 941cb9929bbc398275123862ec0c5659a7b95ed3
tree bf072dbdbdae33a06b547f012318498542e0c5a5
parent 49cc7a0c54b1adc7e77f9f881ab0bc24eb37ab64
[CVE-2019-16056] bpo-34155: Dont parse domains containing @ (GH-13079)

Before:

        >>> email.message_from_string('From: a@malicious.org@important.com', policy=email.policy.default)['from'].addresses
        (Address(display_name='', username='a', domain='malicious.org'),)

        >>> parseaddr('a@malicious.org@important.com')
        ('', 'a@malicious.org')

After:

        >>> email.message_from_string('From: a@malicious.org@important.com', policy=email.policy.default)['from'].addresses
        (Address(display_name='', username='', domain=''),)

        >>> parseaddr('a@malicious.org@important.com')
        ('', 'a@')

https://bugs.python.org/issue34155
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
Change-Id: I41cc6ee702cfce07f655d768bb02dbc21e8bd23a
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
Lib/email/_header_value_parser.py
Lib/email/_parseaddr.py
Lib/test/test_email/test__header_value_parser.py
Lib/test/test_email/test_email.py
Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst [new file with mode: 0644]
packaging/python3.spec
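A caller-side check for code that makes decisions on a sender's domain, as an added example that is not part of this commit or of CPython: it refuses any input where the domain is ambiguous, so the result is the same whether or not the interpreter carries this fix. The helper names `trusted_domain` and `interpreter_has_fix` are hypothetical, and the sample inputs other than the one from the commit message are constructed.

```python
from email.utils import parseaddr

# The input quoted in the commit message above.
AMBIGUOUS = 'a@malicious.org@important.com'


def interpreter_has_fix():
    """True if parseaddr() no longer yields 'a@malicious.org' for AMBIGUOUS."""
    return parseaddr(AMBIGUOUS)[1] != 'a@malicious.org'


def trusted_domain(raw):
    """Return the lower-cased domain of a single address, or None when the
    input is not safe to base an allow-list decision on.
    Hypothetical helper, not a standard-library function."""
    _, addr = parseaddr(raw)
    local, sep, domain = addr.rpartition('@')
    # A usable addr-spec has exactly one '@' with text on both sides.
    # With the fix, AMBIGUOUS parses to a value that fails this test.
    if not sep or not local or not domain or '@' in local:
        return None
    # Without the fix the parser silently drops the trailing '@important.com',
    # so also require exactly one '@' in the raw input. This is deliberately
    # conservative: a quoted display name containing '@' is rejected too.
    if raw.count('@') != 1:
        return None
    return domain.lower()


if __name__ == '__main__':
    print('fix present:', interpreter_has_fix())
    # Constructed sample inputs, apart from AMBIGUOUS.
    for sample in (AMBIGUOUS, 'alice@important.com',
                   'Alice <alice@Important.com>', '"a@b" <c@d.org>', ''):
        print(repr(sample), '->', trusted_domain(sample))
```
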