[issue43124] [security] smtplib multiple CRLF injection

2021-08-30 Thread Ned Deily
Ned Deily added the comment: New changeset 29d97d17fb7adab3b0df9e178b73f70292d1cf64 by Miss Islington (bot) in branch '3.6': [3.6] bpo-43124: Fix smtplib multiple CRLF injection (GH-25987) (GH-28038) https://github.com/python/cpython/commit/29d97d17fb7adab3b0df9e178b73f70292d1cf64

[issue43124] [security] smtplib multiple CRLF injection

2021-08-30 Thread Ned Deily
Ned Deily added the comment: New changeset d2cc04cd3024869101e894f73307944d98d187c8 by Miss Islington (bot) in branch '3.7': [3.7] bpo-43124: Fix smtplib multiple CRLF injection (GH-25987) (GH-28037) https://github.com/python/cpython/commit/d2cc04cd3024869101e894f73307944d98d187c8

[issue43124] [security] smtplib multiple CRLF injection

2021-08-29 Thread Łukasz Langa
Łukasz Langa added the comment: Thanks, Martin! ✨  ✨ -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue43124] [security] smtplib multiple CRLF injection

2021-08-29 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset b93aea4c7e4553950daa5d47c3ef2dc8a9c4edff by Miss Islington (bot) in branch '3.8': [3.8] bpo-43124: Fix smtplib multiple CRLF injection (GH-25987) (GH-28036) https://github.com/python/cpython/commit/b93aea4c7e4553950daa5d47c3ef2dc8a9c4edff

[issue43124] [security] smtplib multiple CRLF injection

2021-08-29 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset 24416e419194f11b639146c0d8bed9df315aca5a by Miss Islington (bot) in branch '3.9': bpo-43124: Fix smtplib multiple CRLF injection (GH-25987) (GH-28035) https://github.com/python/cpython/commit/24416e419194f11b639146c0d8bed9df315aca5a --

[issue43124] [security] smtplib multiple CRLF injection

2021-08-29 Thread miss-islington
miss-islington added the comment: New changeset 9e6c317ab133cd8fa48d5ecd8568314ef2e98634 by Miss Islington (bot) in branch '3.10': bpo-43124: Fix smtplib multiple CRLF injection (GH-25987) https://github.com/python/cpython/commit/9e6c317ab133cd8fa48d5ecd8568314ef2e98634 --

[issue43124] [security] smtplib multiple CRLF injection

2021-08-29 Thread miss-islington
Change by miss-islington : -- pull_requests: +26482 pull_request: https://github.com/python/cpython/pull/28037 ___ Python tracker ___

[issue43124] [security] smtplib multiple CRLF injection

2021-08-29 Thread miss-islington
Change by miss-islington : -- pull_requests: +26483 pull_request: https://github.com/python/cpython/pull/28038 ___ Python tracker ___

[issue43124] [security] smtplib multiple CRLF injection

2021-08-29 Thread miss-islington
Change by miss-islington : -- nosy: +miss-islington nosy_count: 7.0 -> 8.0 pull_requests: +26479 pull_request: https://github.com/python/cpython/pull/28034 ___ Python tracker

[issue43124] [security] smtplib multiple CRLF injection

2021-08-29 Thread miss-islington
Change by miss-islington : -- pull_requests: +26481 pull_request: https://github.com/python/cpython/pull/28036 ___ Python tracker ___

[issue43124] [security] smtplib multiple CRLF injection

2021-08-29 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset 0897253f426068ea6a6fbe0ada01689af9ef1019 by Miguel Brito in branch 'main': bpo-43124: Fix smtplib multiple CRLF injection (GH-25987) https://github.com/python/cpython/commit/0897253f426068ea6a6fbe0ada01689af9ef1019 --

[issue43124] [security] smtplib multiple CRLF injection

2021-08-29 Thread miss-islington
Change by miss-islington : -- pull_requests: +26480 pull_request: https://github.com/python/cpython/pull/28035 ___ Python tracker ___

[issue43124] [security] smtplib multiple CRLF injection

2021-07-19 Thread R. David Murray
R. David Murray added the comment: My apologies, I did not think about the possibility of an English issue. I was reacting to the "security report speak", which I find often makes a security issue sound worse than it is :) Thank you for reporting this problem, and I do think we should fix

[issue43124] [security] smtplib multiple CRLF injection

2021-07-13 Thread Martin Ortner
Martin Ortner added the comment: > This bug report starts with "a malicious user with direct access to > `smtplib.SMTP(..., local_hostname, ..)", which is a senseless supposition. > Anyone with "access to" the SMTP object could just as well be talking > directly to the SMTP server and do

[issue43124] [security] smtplib multiple CRLF injection

2021-07-13 Thread R. David Murray
R. David Murray added the comment: s/header injection/command injection/ -- ___ Python tracker ___ ___ Python-bugs-list mailing

[issue43124] [security] smtplib multiple CRLF injection

2021-07-13 Thread R. David Murray
R. David Murray added the comment: This bug report starts with "a malicious user with direct access to `smtplib.SMTP(..., local_hostname, ..)", which is a senseless supposition. Anyone with "access to" the SMTP object could just as well be talking directly to the SMTP server and do

[issue43124] [security] smtplib multiple CRLF injection

2021-07-10 Thread Alireza Pourali
Change by Alireza Pourali : -- components: -email type: security -> performance versions: -Python 3.10, Python 3.6, Python 3.7, Python 3.8, Python 3.9 ___ Python tracker ___

[issue43124] [security] smtplib multiple CRLF injection

2021-05-21 Thread Ned Deily
Ned Deily added the comment: Thanks for the PR! Can someone from the email team take a look at it, please? -- ___ Python tracker ___

[issue43124] [security] smtplib multiple CRLF injection

2021-05-08 Thread Miguel Brito
Change by Miguel Brito : -- keywords: +patch pull_requests: +24639 stage: -> patch review pull_request: https://github.com/python/cpython/pull/25987 ___ Python tracker ___

[issue43124] [security] smtplib multiple CRLF injection

2021-05-07 Thread Ned Deily
Ned Deily added the comment: There is no sign of anyone currently working on it, so please feel free to dig in! -- ___ Python tracker ___

[issue43124] [security] smtplib multiple CRLF injection

2021-05-07 Thread Miguel Brito
Miguel Brito added the comment: If there's no one working on it I'd be happy to prepare a fix. -- nosy: +miguendes ___ Python tracker ___

[issue43124] [security] smtplib multiple CRLF injection

2021-05-07 Thread Ned Deily
Ned Deily added the comment: Still in "deferred blocker" status awaiting a PR from someone -- ___ Python tracker ___ ___

[issue43124] [security] smtplib multiple CRLF injection

2021-04-02 Thread Łukasz Langa
Łukasz Langa added the comment: Deferred the blocker to a regular release due to lack of activity in time for the current expedited releases. -- priority: release blocker -> deferred blocker ___ Python tracker

[issue43124] [security] smtplib multiple CRLF injection

2021-03-31 Thread Christian Heimes
Change by Christian Heimes : -- nosy: +christian.heimes, lukasz.langa, ned.deily priority: normal -> release blocker ___ Python tracker ___

[issue43124] [security] smtplib multiple CRLF injection

2021-02-04 Thread STINNER Victor
Change by STINNER Victor : -- title: smtplib multiple CRLF injection -> [security] smtplib multiple CRLF injection ___ Python tracker ___