The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libpython3.8": "3.8.10-0ubuntu1~20.04.12", "libpython3.8-minimal": "3.8.10-0ubuntu1~20.04.12", "python3.8-dbg": "3.8.10-0ubuntu1~20.04.12", "python3.8-doc": "3.8.10-0ubuntu1~20.04.12", "python3.8-minimal": "3.8.10-0ubuntu1~20.04.12", "libpython3.8-testsuite": "3.8.10-0ubuntu1~20.04.12", "idle-python3.8": "3.8.10-0ubuntu1~20.04.12", "libpython3.8-dbg": "3.8.10-0ubuntu1~20.04.12", "python3.8": "3.8.10-0ubuntu1~20.04.12", "python3.8-venv": "3.8.10-0ubuntu1~20.04.12", "python3.8-full": "3.8.10-0ubuntu1~20.04.12", "python3.8-examples": "3.8.10-0ubuntu1~20.04.12", "libpython3.8-stdlib": "3.8.10-0ubuntu1~20.04.12", "python3.8-dev": "3.8.10-0ubuntu1~20.04.12", "libpython3.8-dev": "3.8.10-0ubuntu1~20.04.12" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libpython3.10": "3.10.12-1~22.04.6", "python3.10": "3.10.12-1~22.04.6", "libpython3.10-stdlib": "3.10.12-1~22.04.6", "python3.10-examples": "3.10.12-1~22.04.6", "libpython3.10-dev": "3.10.12-1~22.04.6", "python3.10-dev": "3.10.12-1~22.04.6", "python3.10-doc": "3.10.12-1~22.04.6", "python3.10-nopie": "3.10.12-1~22.04.6", "libpython3.10-testsuite": "3.10.12-1~22.04.6", "python3.10-venv": "3.10.12-1~22.04.6", "libpython3.10-minimal": "3.10.12-1~22.04.6", "python3.10-full": "3.10.12-1~22.04.6", "python3.10-dbg": "3.10.12-1~22.04.6", "idle-python3.10": "3.10.12-1~22.04.6", "python3.10-minimal": "3.10.12-1~22.04.6", "libpython3.10-dbg": "3.10.12-1~22.04.6" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python3.12-dbg": "3.12.3-1ubuntu0.2", "libpython3.12t64": "3.12.3-1ubuntu0.2", "python3.12-doc": "3.12.3-1ubuntu0.2", "python3.12": "3.12.3-1ubuntu0.2", "python3.12-minimal": "3.12.3-1ubuntu0.2", "python3.12-nopie": "3.12.3-1ubuntu0.2", "libpython3.12t64-dbg": "3.12.3-1ubuntu0.2", "libpython3.12-testsuite": "3.12.3-1ubuntu0.2", "python3.12-examples": "3.12.3-1ubuntu0.2", "python3.12-dev": "3.12.3-1ubuntu0.2", "idle-python3.12": "3.12.3-1ubuntu0.2", "libpython3.12-stdlib": "3.12.3-1ubuntu0.2", "libpython3.12-minimal": "3.12.3-1ubuntu0.2", "python3.12-venv": "3.12.3-1ubuntu0.2", "libpython3.12-dev": "3.12.3-1ubuntu0.2", "python3.12-full": "3.12.3-1ubuntu0.2" } ] }