bpo-34155: Dont parse domains containing @ (GH-13079) (GH-16006)
This change skips parsing of email addresses where domains include a "@" character, which can be maliciously used since the local part is returned as a complete address.
(cherry picked from commit
8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9)
Excludes changes to Lib/email/_header_value_parser.py, which did not
exist in 2.7.
Co-authored-by: jpic <jpic@users.noreply.github.com>
https://bugs.python.org/issue34155
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
Change-Id: Ice4cb0bcaf4fdd4172b603d1a19def3bbbbec2ea
[CVE-2019-9636]bpo-36216: Add check for characters in netloc that normalize to separators (GH-12201)
Change-Id: I728d96130c1208753eae3f0646aa9cab2b76dd9b
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>