The e-mail module of Python 0 - 2.7.18, 3.x - 3.11 incorrectly parses e-mail addresses which contain a special character. This vulnerability allows attackers to send messages from e-mail addresses that would otherwise be rejected. https://github.com/python/cpython/issues/102988 http://python.org
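A defensive check for code that accepts or rejects mail based on the sender address, as an added example (not code from CPython or from this bug report): a header value is accepted only when a strict mailbox grammar and `email.utils.parseaddr` agree on the address. The function name `checked_sender`, the restricted grammar, the domain `corp.example` and the sample inputs are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Conservative addr-spec: dot-atom local part and a hostname domain.
# Quoted local parts, comments and address literals are deliberately not
# accepted (assumption: this application does not need them).
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_ADDR = _ATEXT + r"(?:\." + _ATEXT + r")*@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"

# Whole header value: a bare addr-spec, or a display name followed by
# <addr-spec>. The display name may not contain special characters such as
# ( ) < > @ , ; : \ " [ ]
_MAILBOX = re.compile(
    r"(?:[A-Za-z0-9 _'-]*<(?P<angle>" + _ADDR + r")>|(?P<bare>" + _ADDR + r"))\Z"
)


def checked_sender(header_value, allowed_domains):
    """Return the lower-cased address if header_value is exactly one
    unambiguous mailbox in an allowed domain, otherwise None."""
    value = header_value.strip()
    m = _MAILBOX.match(value)
    if m is None:
        return None  # special characters, comments, lists, CR/LF: reject
    strict_addr = m.group("angle") or m.group("bare")
    _, parsed_addr = parseaddr(value)
    if parsed_addr != strict_addr:
        return None  # stdlib parser and strict grammar disagree: reject
    domain = strict_addr.rsplit("@", 1)[1].lower()
    return strict_addr.lower() if domain in allowed_domains else None


# Constructed sample header values (not taken from the bug report).
SAMPLES = [
    "Alice Example <alice@corp.example>",
    "alice@corp.example",
    "alice@corp.example, bob@other.test",
    "alice@corp.example (note) <bob@other.test>",
    "Bob <bob@other.test>",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(repr(raw), "->", checked_sender(raw, {"corp.example"}))
```

Because the strict grammar rejects any value containing special characters before the parsed result is trusted, the decision does not depend on which Python version's `parseaddr` behaviour is installed.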
Created mingw-python3 tracking bugs for this issue: Affects: fedora-all [bug 2196185]
Created python2.7 tracking bugs for this issue: Affects: fedora-all [bug 2196186]
Created python3.10 tracking bugs for this issue: Affects: fedora-all [bug 2196187]
Created python3.11 tracking bugs for this issue: Affects: fedora-all [bug 2196188]
Created python3.12 tracking bugs for this issue: Affects: fedora-all [bug 2196190]
Created python3.6 tracking bugs for this issue: Affects: fedora-all [bug 2196191]
Created python3.7 tracking bugs for this issue: Affects: fedora-all [bug 2196192]
Created python3.8 tracking bugs for this issue: Affects: fedora-all [bug 2196193]
Created python3.9 tracking bugs for this issue: Affects: fedora-all [bug 2196194]
Created python34 tracking bugs for this issue: Affects: epel-7 [bug 2196184]
https://github.com/advisories/GHSA-5mwm-wccq-xqcp
We have investigated the problem in the original patch that was reverted and proposed a solution. There is a new PR addressing this but it's progressing slowly. We are closely monitoring it. https://github.com/python/cpython/pull/108250 The previously merged and then reverted patch demonstrates that we should be very careful with fixes like this.
FEDORA-2023-87771f4249 has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-c0bf8c0c4e has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0256 https://access.redhat.com/errata/RHSA-2024:0256
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:0466 https://access.redhat.com/errata/RHSA-2024:0466
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:0454 https://access.redhat.com/errata/RHSA-2024:0454
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0430 https://access.redhat.com/errata/RHSA-2024:0430
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:0586 https://access.redhat.com/errata/RHSA-2024:0586
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2292 https://access.redhat.com/errata/RHSA-2024:2292