DEBIAN-CVE-2026-1299
- Source
- https://security-tracker.debian.org/tracker/CVE-2026-1299
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-1299.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-1299
- Upstream
- Downstream
- Published
- 2026-01-23T17:16:12.977Z
- Modified
- 2026-02-10T11:17:09.895158Z
- Severity
-
- 6.0 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".
- References
Affected packages
Debian:11
pypy3
Package
- Name
- pypy3
- Purl
- pkg:deb/debian/pypy3?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.3.5+dfsg-2
7.3.5+dfsg-2+deb11u1
7.3.5+dfsg-2+deb11u2
7.3.5+dfsg-2+deb11u3
7.3.5+dfsg-2+deb11u4
7.3.5+dfsg-2+deb11u5
7.3.6~rc2+dfsg-1
7.3.6~rc2+dfsg-2
7.3.6+dfsg-1
7.3.7+dfsg-1
7.3.7+dfsg-2
7.3.7+dfsg-3
7.3.7+dfsg-4
7.3.7+dfsg-5
7.3.8~rc1+dfsg-1
7.3.8~rc1+dfsg-2
7.3.8+dfsg-1
7.3.8+dfsg-2
7.3.9+dfsg-1
7.3.9+dfsg-2
7.3.9+dfsg-3
7.3.9+dfsg-4
7.3.9+dfsg-5
7.3.10~rc3+dfsg-1
7.3.10~rc3+dfsg-2
7.3.10+dfsg-1
7.3.11+dfsg-1
7.3.11+dfsg-2
7.3.12~rc1+dfsg-1
7.3.12~rc2+dfsg-1
7.3.12+dfsg-1
7.3.13+dfsg-1
7.3.14+dfsg-1
7.3.15+dfsg-1
7.3.16+dfsg-1
7.3.16+dfsg-2
7.3.17+dfsg-1
7.3.17+dfsg-2
7.3.17+dfsg-3
7.3.18+dfsg-1
7.3.18+dfsg-2
7.3.19+dfsg-1
7.3.19+dfsg-2
7.3.20+dfsg-1
7.3.20+dfsg-2
7.3.20+dfsg-3
7.3.20+dfsg-4
Debian:12
pypy3
Package
- Name
- pypy3
- Purl
- pkg:deb/debian/pypy3?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.3.11+dfsg-2
7.3.11+dfsg-2+deb12u1
7.3.11+dfsg-2+deb12u2
7.3.11+dfsg-2+deb12u3
7.3.12~rc1+dfsg-1
7.3.12~rc2+dfsg-1
7.3.12+dfsg-1
7.3.13+dfsg-1
7.3.14+dfsg-1
7.3.15+dfsg-1
7.3.16+dfsg-1
7.3.16+dfsg-2
7.3.17+dfsg-1
7.3.17+dfsg-2
7.3.17+dfsg-3
7.3.18+dfsg-1
7.3.18+dfsg-2
7.3.19+dfsg-1
7.3.19+dfsg-2
7.3.20+dfsg-1
7.3.20+dfsg-2
7.3.20+dfsg-3
7.3.20+dfsg-4
python3.11
Package
- Name
- python3.11
- Purl
- pkg:deb/debian/python3.11?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.11.2-6
3.11.2-6+deb12u1
3.11.2-6+deb12u2
3.11.2-6+deb12u3
3.11.2-6+deb12u4
3.11.2-6+deb12u5
3.11.2-6+deb12u6
3.11.3-1
3.11.3-2
3.11.4-1
3.11.5-1
3.11.5-2
3.11.5-3
3.11.6-1
3.11.6-2
3.11.6-3~hurd.2
3.11.6-3
3.11.7-1
3.11.7-2
3.11.8-1
3.11.8-1.1~exp1
3.11.8-1.1~exp2
3.11.8-2
3.11.8-3
3.11.8-3+hurd.1
3.11.9-1
Debian:13
pypy3
Debian:14
pypy3
python3.13
python3.14
Package
- Name
- python3.14
- Purl
- pkg:deb/debian/python3.14?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.14.3-1