There is a LOW severity vulnerability affecting CPython. During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.
Please see the linked CVE ID for the latest information on affected versions: CVE: https://www.cve.org/CVERecord?id=CVE-2025-1795 Issue: https://github.com/python/cpython/issues/100884 Pull requests: https://github.com/python/cpython/pull/100885 and https://github.com/python/cpython/pull/119099
_______________________________________________ Security-announce mailing list -- security-annou...@python.org To unsubscribe send an email to security-announce-le...@python.org https://mail.python.org/mailman3/lists/security-announce.python.org/ Member address: arch...@mail-archive.com
