Release date:
2026-05-04 16:53:27 UTC
Description:
* SECURITY UPDATE: email.generator.BytesGenerator does not validate folded
headers, allowing header injection via crafted Header subclasses
- debian/patches/CVE-2026-1299.patch: extend verify_generated_headers
check to BytesGenerator._write_headers() in Lib/email/generator.py
so unsafely folded or delimited headers raise HeaderWriteError on
as_bytes() too. Adds matching test coverage in
Lib/test/test_email/test_generator.py and test_policy.py.
- CVE-2026-1299
Updated packages:
-
alt-python38_3.8.20-14_amd64.deb
sha:3a459f8bb37f65ecc163cde4a491772cb3ea0c17
-
alt-python38-debug_3.8.20-14_amd64.deb
sha:d0c14eba38efb11f8dff60d3d4b56d93d78b9cae
-
alt-python38-devel_3.8.20-14_amd64.deb
sha:567abbfd9a6497604f41825d3f3a568133c71b8b
-
alt-python38-idle_3.8.20-14_amd64.deb
sha:66d657214d64961d1fcf2bad92dfeea03802d106
-
alt-python38-libs_3.8.20-14_amd64.deb
sha:83a8546ac5e8ad730347937f6ae61de5dc69b0c3
-
alt-python38-test_3.8.20-14_amd64.deb
sha:b580d464ec43a2b409df9ced0e58f934f85fb33d
-
alt-python38-tkinter_3.8.20-14_amd64.deb
sha:768f9b4a882a1e2ef6462b7f54965a089a695a2c
-
alt-python38_3.8.20-14_arm64.deb
sha:df324e044b9e5cf4df173e0013db4fcab934c8d1
-
alt-python38-debug_3.8.20-14_arm64.deb
sha:7f48523e1d06a65c091f8ecb0f2772698dc6c09b
-
alt-python38-devel_3.8.20-14_arm64.deb
sha:ddbb9158830fdf070e1c02a3632a9f60bd61f4b9
-
alt-python38-idle_3.8.20-14_arm64.deb
sha:e8f6a07e9287ce5b91a7a85096a1219f3b3cb953
-
alt-python38-libs_3.8.20-14_arm64.deb
sha:2ad671b737b897eff19e04886e3bb2fbc1903de6
-
alt-python38-test_3.8.20-14_arm64.deb
sha:ffdc559ce37ed84b19b9598209dbf123e03195b0
-
alt-python38-tkinter_3.8.20-14_arm64.deb
sha:99fe46ec1bb21618760bdd90ec1d59bb6cbca836
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
