Astra Linux - уязвимость в python3.11, python3.7

The email module, specifically the “BytesGenerator” class, did not properly quote newlines for email headers when serializing an email message. This issue occurs only when using “LiteralHeader” to write headers that do not follow email folding rules. The new behavior will reject incorrectly folde...

CLSA-2026-1776330599 python3.9: Fix of 11 CVEs

CVE-2025-8291: fix zipfile ZIP64 EOCD Locator offset validation - CVE-2025-6069: fix quadratic complexity in HTMLParser - CVE-2025-4516: fix use-after-free in unicode-escape decoder with error handler - CVE-2026-2297: ensure SourcelessFileLoader uses io.opencode - CVE-2026-3479: reject invalid...

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CLSA-2026-1774261018 python3.9: Fix of 3 CVEs

CVE-2026-0865: Prevent HTTP header injection: validate and reject user- controlled header names and values containing newlines. - CVE-2025-15367: Reject control characters in POP3 commands - CVE-2026-1299: Reject incorrectly folded LiteralHeader values and quote newlines during BytesGenerator...

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

SUSE SLES15 Security Update : python311 (SUSE-SU-2026:0693-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0693-1 advisory. - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters...

SUSE SLED15 / SLES15 Security Update : python313 (SUSE-SU-2026:0642-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0642-1 advisory. Update to Python 3.13.12 - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and...

OESA-2026-1458 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

Security update for python310

This update for python310 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

Medium: python3.13

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

BIT-PYTHON-MIN-2026-1299 email BytesGenerator header injection due to unquoted newlines

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

PT-2026-6338

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

PT-2026-6343

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

PT-2026-6342

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

BIT-PYTHON-MIN-2025-11468 Folding email comments of unfoldable characters doesn't preserve parenthesis

When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized...

SUSE CVE-2026-1299

The email module, specifically the "BytesGenerator" class, didn't properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

CVE-2026-1299

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

UBUNTU-CVE-2026-1299

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

CVE-2026-1299

CVE-2026-1299 affects Python’s email module, specifically BytesGenerator, where newlines in headers weren’t properly quoted during serialization, enabling header injection when using LiteralHeader. The issue is triggered when headers are serialized with LiteralHeader behavior that ignores folding...

CVE-2026-1299

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...