Source: pypy3
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for pypy3.

CVE-2023-27043[0]:
| The email module of Python through 3.11.3 incorrectly parses e-mail
| addresses that contain a special character. The wrong portion of an
| RFC2822 header is identified as the value of the addr-spec. In some
| applications, an attacker can bypass a protection mechanism in which
| application access is granted only after verifying receipt of e-mail
| to a specific domain (e.g., only @company.example.com addresses may
| be used for signup). This occurs in email/_parseaddr.py in recent
| versions of Python.

https://github.com/python/cpython/issues/102988


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-27043
    https://www.cve.org/CVERecord?id=CVE-2023-27043

Please adjust the affected versions in the BTS as needed.
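
Added example, not part of the original bug report and not code from pypy3 or CPython: a fail-closed check for the domain-restricted signup scenario the CVE description mentions, which accepts only a bare addr-spec and cross-checks it against `email.utils.parseaddr` before comparing the domain. The function names, the allowed domain and all sample addresses are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Conservative addr-spec: dot-atom local part, LDH domain labels.
# Quoted strings, comments, brackets, whitespace and display names are refused.
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_ADDR_SPEC = re.compile(
    r"(" + _ATEXT + r"(?:\." + _ATEXT + r")*)@(" + _LABEL + r"(?:\." + _LABEL + r")+)"
)


def signup_domain_allowed(raw, allowed_domain):
    """Return True only if raw is a bare addr-spec whose domain is allowed_domain."""
    m = _ADDR_SPEC.fullmatch(raw)
    if m is None:
        return False  # special characters never reach the domain comparison
    # Cross-check: the stdlib parser must report exactly the same address,
    # so a parser disagreement fails closed instead of granting access.
    _name, parsed = parseaddr(raw)
    if parsed != raw:
        return False
    return m.group(2).lower() == allowed_domain.lower()


# Constructed sample inputs (not taken from the CVE report or the upstream issue).
SAMPLES = [
    "alice@company.example.com",
    "alice@other.example",
    "Alice <alice@company.example.com>",
    "alice@other.example, bob@company.example.com",
    "alice(note)@company.example.com",
    "alice@company.example.com.other.example",
]


def check_samples(allowed_domain="company.example.com"):
    """Map each constructed sample to the decision the check makes for it."""
    return {s: signup_domain_allowed(s, allowed_domain) for s in SAMPLES}


if __name__ == "__main__":
    for addr, ok in check_samples().items():
        print("ACCEPT" if ok else "REJECT", repr(addr))
```

Because the allow-list pattern runs before the parser is consulted, the decision does not depend on which version of the email module is installed.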
