bpo-39073: validate Address parts to disallow CRLF (GH-19007) (#19224)

Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks. (cherry picked from commit 614f17211c5fc0e5b828be1d3320661d1038fe8f) Co-authored-by: Ashwin Ramaswami <aramaswamis@gmail.com> Co-authored-by: Ashwin Ramaswami <aramaswamis@gmail.com>
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 2020-05-27 16:17:52 -0700
committer: GitHub <noreply@github.com> 2020-05-27 19:17:52 -0400
commit: 7df32f844efed33ca781a016017eab7050263b90 (patch)
tree: a86501bf0425c2017f7568e073ecf3f9f008daab /Misc/NEWS.d/next/Security
parent: Add pt-br switcher to the Documentation website (GH-20301) (diff)
download: cpython-7df32f844efed33ca781a016017eab7050263b90.tar.gz
cpython-7df32f844efed33ca781a016017eab7050263b90.tar.bz2
cpython-7df32f844efed33ca781a016017eab7050263b90.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2020-03-15-01-28-36.bpo-39073.6Szd3i.rst b/Misc/NEWS.d/next/Security/2020-03-15-01-28-36.bpo-39073.6Szd3i.rst
new file mode 100644
index 00000000000..6c9447b897b
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2020-03-15-01-28-36.bpo-39073.6Szd3i.rst
@@ -0,0 +1 @@
+Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	2020-05-27 16:17:52 -0700
committer	GitHub <noreply@github.com>	2020-05-27 19:17:52 -0400
commit	7df32f844efed33ca781a016017eab7050263b90 (patch)
tree	a86501bf0425c2017f7568e073ecf3f9f008daab /Misc/NEWS.d/next/Security
parent	Add pt-br switcher to the Documentation website (GH-20301) (diff)
download	cpython-7df32f844efed33ca781a016017eab7050263b90.tar.gz cpython-7df32f844efed33ca781a016017eab7050263b90.tar.bz2 cpython-7df32f844efed33ca781a016017eab7050263b90.zip