The email module, specifically the BytesGenerator class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using LiteralHeader writing headers that dont respect email folding rules, the new behavior will reject the incorrectly folded headers in BytesGenerator.
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | RedHat | python3-0:3.6.8-73.el8_10 | * |
| Red Hat Enterprise Linux 8 | RedHat | python3-0:3.6.8-73.el8_10 | * |
| Python3.13 | Ubuntu | devel | * |
| Python3.14 | Ubuntu | devel | * |