diff options
author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2021-08-29 15:04:17 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-08-29 15:04:17 (GMT) |
commit | b93aea4c7e4553950daa5d47c3ef2dc8a9c4edff (patch) | |
tree | 0438a5c1241fa15b909ea07a239ee3b968ce9035 /Misc/NEWS.d/next | |
parent | c9c2a0bc9820f93f1020f3498f6893a3544c9b76 (diff) | |
download | cpython-b93aea4c7e4553950daa5d47c3ef2dc8a9c4edff.zip cpython-b93aea4c7e4553950daa5d47c3ef2dc8a9c4edff.tar.gz cpython-b93aea4c7e4553950daa5d47c3ef2dc8a9c4edff.tar.bz2 |
[3.8] bpo-43124: Fix smtplib multiple CRLF injection (GH-25987) (GH-28036)
Co-authored-by: Ćukasz Langa <lukasz@langa.pl>
(cherry picked from commit 0897253f426068ea6a6fbe0ada01689af9ef1019)
Co-authored-by: Miguel Brito <5544985+miguendes@users.noreply.github.com>
Diffstat (limited to 'Misc/NEWS.d/next')
-rw-r--r-- | Misc/NEWS.d/next/Security/2021-05-08-11-50-46.bpo-43124.2CTM6M.rst | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2021-05-08-11-50-46.bpo-43124.2CTM6M.rst b/Misc/NEWS.d/next/Security/2021-05-08-11-50-46.bpo-43124.2CTM6M.rst new file mode 100644 index 0000000..e897d6c --- /dev/null +++ b/Misc/NEWS.d/next/Security/2021-05-08-11-50-46.bpo-43124.2CTM6M.rst @@ -0,0 +1,2 @@ +Made the internal ``putcmd`` function in :mod:`smtplib` sanitize input for +presence of ``\r`` and ``\n`` characters to avoid (unlikely) command injection. |