[3.8] bpo-43124: Fix smtplib multiple CRLF injection (GH-25987) (GH-28036)

Co-authored-by: Łukasz Langa <lukasz@langa.pl> (cherry picked from commit 0897253f426068ea6a6fbe0ada01689af9ef1019) Co-authored-by: Miguel Brito <5544985+miguendes@users.noreply.github.com>
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 2021-08-29 15:04:17 (GMT)
committer: GitHub <noreply@github.com> 2021-08-29 15:04:17 (GMT)
commit: b93aea4c7e4553950daa5d47c3ef2dc8a9c4edff (patch)
tree: 0438a5c1241fa15b909ea07a239ee3b968ce9035 /Misc/NEWS.d/next
parent: c9c2a0bc9820f93f1020f3498f6893a3544c9b76 (diff)
download: cpython-b93aea4c7e4553950daa5d47c3ef2dc8a9c4edff.zip
cpython-b93aea4c7e4553950daa5d47c3ef2dc8a9c4edff.tar.gz
cpython-b93aea4c7e4553950daa5d47c3ef2dc8a9c4edff.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2021-05-08-11-50-46.bpo-43124.2CTM6M.rst b/Misc/NEWS.d/next/Security/2021-05-08-11-50-46.bpo-43124.2CTM6M.rst
new file mode 100644
index 0000000..e897d6c
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2021-05-08-11-50-46.bpo-43124.2CTM6M.rst
@@ -0,0 +1,2 @@
+Made the internal ``putcmd`` function in :mod:`smtplib` sanitize input for
+presence of ``\r`` and ``\n`` characters to avoid (unlikely) command injection.
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	2021-08-29 15:04:17 (GMT)
committer	GitHub <noreply@github.com>	2021-08-29 15:04:17 (GMT)
commit	b93aea4c7e4553950daa5d47c3ef2dc8a9c4edff (patch)
tree	0438a5c1241fa15b909ea07a239ee3b968ce9035 /Misc/NEWS.d/next
parent	c9c2a0bc9820f93f1020f3498f6893a3544c9b76 (diff)
download	cpython-b93aea4c7e4553950daa5d47c3ef2dc8a9c4edff.zip cpython-b93aea4c7e4553950daa5d47c3ef2dc8a9c4edff.tar.gz cpython-b93aea4c7e4553950daa5d47c3ef2dc8a9c4edff.tar.bz2