[issue19470] email.header.Header - should not allow two newlines in a row

2013-11-01 Thread hhm 

hhm added the comment:

(see also http://bugs.python.org/issue5871)

--

___
Python tracker 
<http://bugs.python.org/issue19470>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue19470] email.header.Header - should not allow two newlines in a row

2013-11-01 Thread hhm 

New submission from hhm:

An email.header.Header object should not allow two consecutive newlines, since 
this terminates interpretation of headers and starts the body section. This can 
be exploited by an attacker in a case of user input being used in headers, and 
validated with the Header object, by stopping interpretation of any further 
headers, which become interpreted by an user (or other) agent. This in turn can 
be used to modify the behavior of emails, web pages, and the like, where such 
code is present.

--
components: Library (Lib)
messages: 201884
nosy: hhm
priority: normal
severity: normal
status: open
title: email.header.Header - should not allow two newlines in a row
type: security
versions: Python 2.7

___
Python tracker 
<http://bugs.python.org/issue19470>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue19470] email.header.Header - should not allow two newlines in a row

2013-11-01 Thread hhm 

Changes by hhm :


--
versions: +Python 3.3

___
Python tracker 
<http://bugs.python.org/issue19470>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com