Release date:
2026-05-04 16:58:49 UTC
Description:
* SECURITY UPDATE: email.generator.BytesGenerator does not validate folded
headers, allowing header injection via crafted Header subclasses
- debian/patches/CVE-2026-1299.patch: extend verify_generated_headers
check to BytesGenerator._write_headers() in Lib/email/generator.py
so unsafely folded or delimited headers raise HeaderWriteError on
as_bytes() too. Adds matching test coverage in
Lib/test/test_email/test_generator.py and test_policy.py.
- CVE-2026-1299
Updated packages:
-
alt-python38_3.8.20-14_amd64.deb
sha:1b8724264f79b8eb593bda3de0ceffa7675d11e0
-
alt-python38-debug_3.8.20-14_amd64.deb
sha:c52731c5e9d6f4449cb8065ef6a1459c0d48a3bb
-
alt-python38-devel_3.8.20-14_amd64.deb
sha:b98bb18bdebfe3c0a66bfa302a20731470688ecf
-
alt-python38-idle_3.8.20-14_amd64.deb
sha:8acc36376f3dadc3b17bc50165769b4cdec237a5
-
alt-python38-libs_3.8.20-14_amd64.deb
sha:16a40c12374830dcbc2edf41b38bb2d5b4b1825a
-
alt-python38-test_3.8.20-14_amd64.deb
sha:d1d04a73dcbd1b6d852676526f17fd03fcd3c87e
-
alt-python38-tkinter_3.8.20-14_amd64.deb
sha:ca899238b3be01423b4eea26439b36064ac5263e
-
alt-python38_3.8.20-14_arm64.deb
sha:da11d01b8d4acb445fe068a43257df7818193135
-
alt-python38-debug_3.8.20-14_arm64.deb
sha:633d5d0d04ef7c5d4c8a8c67b69820d64fce20fd
-
alt-python38-devel_3.8.20-14_arm64.deb
sha:53a895ea2c7cfac334f481f42ee29e79173b237a
-
alt-python38-idle_3.8.20-14_arm64.deb
sha:12473e701bcca876f715c57e79ef9ec70eb9138a
-
alt-python38-libs_3.8.20-14_arm64.deb
sha:cf7cec7d9f1bb7655f92c5bf165b3024fd4b0608
-
alt-python38-test_3.8.20-14_arm64.deb
sha:c2e8968f659691168f8ffc71b004b3294380c604
-
alt-python38-tkinter_3.8.20-14_arm64.deb
sha:523c99afb4a6a5eff2fa4e32ffa1aec0bdb80e98
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
