Source: python2.7 Version: 2.7.16-4 Severity: important Tags: security upstream Forwarded: https://bugs.python.org/issue34155 Control: found -1 2.7.16-2 Control: found -1 2.7.13-2+deb9u3 Control: found -1 2.7.13-2
Hi, The following vulnerability was published for python2.7. CVE-2019-16056[0]: | An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, | 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly | parses email addresses that contain multiple @ characters. An | application that uses the email module and implements some kind of | checks on the From/To headers of a message could be tricked into | accepting an email address that should be denied. An attack may be the | same as in CVE-2019-11340; however, this CVE applies to Python more | generally. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-16056 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056 [1] https://bugs.python.org/issue34155 [2] https://github.com/python/cpython/commit/4cbcd2f8c4e12b912e4d21fd892eedf7a3813d8e Regards, Salvatore