Launchpad.net

CVE 2019-16056

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

Related bugs and status

CVE-2019-16056 (Candidate) is related to these bugs:

Bug #1808476: Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants

		In	Importance	Status
1808476	Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants	python2.7 (Ubuntu)	Undecided	Fix Released
1808476	Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants	python2.7 (Ubuntu Disco)	Undecided	Fix Released
1808476	Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants	python2.7 (Ubuntu Cosmic)	Undecided	Fix Released
1808476	Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants	python2.7 (Ubuntu Bionic)	Undecided	Fix Released

Bug #1855133: SRU: update python2.7 to the 2.7.17 release

		In	Importance	Status
1855133	SRU: update python2.7 to the 2.7.17 release	python2.7 (Ubuntu)	Undecided	Fix Released
1855133	SRU: update python2.7 to the 2.7.17 release	python2.7 (Ubuntu Bionic)	Undecided	Fix Released
1855133	SRU: update python2.7 to the 2.7.17 release	python-stdlib-extensions (Ubuntu)	Undecided	Fix Released
1855133	SRU: update python2.7 to the 2.7.17 release	python-stdlib-extensions (Ubuntu Bionic)	Undecided	Fix Released
1855133	SRU: update python2.7 to the 2.7.17 release	python-stdlib-extensions (Ubuntu Eoan)	Undecided	Fix Released
1855133	SRU: update python2.7 to the 2.7.17 release	python2.7 (Ubuntu Eoan)	Undecided	Fix Released

Bug #1887438: Controller-0 Not Ready after force rebooting active controller (Controller-1)

Summary				In	Importance	Status
	1887438	Controller-0 Not Ready after force rebooting active controller (Controller-1)		StarlingX	Medium	Fix Released

Bug #1906470: CVE-2019-11068: libxslt: bypass of protection mechanism

Summary				In	Importance	Status
	1906470	CVE-2019-11068: libxslt: bypass of protection mechanism		StarlingX	High	Fix Released

Bug #1906471: CVE-2019-17006: nss: crypto primitives missing length checks

Summary				In	Importance	Status
	1906471	CVE-2019-17006: nss: crypto primitives missing length checks		StarlingX	High	Fix Released

Bug #1908088: stx-tools: yum fails in Docker with misleading error messages

Summary				In	Importance	Status
	1908088	stx-tools: yum fails in Docker with misleading error messages		StarlingX	Low	Fix Released

Bug #1908297: populate_downloads.sh doesn't clean/backup old content

Summary				In	Importance	Status
	1908297	populate_downloads.sh doesn't clean/backup old content		StarlingX	Low	Fix Released

Bug #1908751: mirror-check.sh failes for layered build

Summary				In	Importance	Status
	1908751	mirror-check.sh failes for layered build		StarlingX	Low	Triaged

Bug #1910130: Build of 'compile' layer fails due to missing python3 dependencies

Summary				In	Importance	Status
	1910130	Build of 'compile' layer fails due to missing python3 dependencies		StarlingX	Critical	Fix Released

Bug #1912139: CVE-2018-19519: tcpdump: a stack-based buffer over-read

Summary				In	Importance	Status
	1912139	CVE-2018-19519: tcpdump: a stack-based buffer over-read		StarlingX	Medium	Fix Released

Bug #1912682: tools: Dockerfile: yum install silently ignores errors

Summary				In	Importance	Status
	1912682	tools: Dockerfile: yum install silently ignores errors		StarlingX	Low	Fix Released

Bug #1915050: IPv6: All hosts remain offline after booting off the controller-0

Summary				In	Importance	Status
	1915050	IPv6: All hosts remain offline after booting off the controller-0		StarlingX	Critical	Fix Released

Bug #1917864: bash: shell commands are no longer logged to /var/log/bash.log

Summary				In	Importance	Status
	1917864	bash: shell commands are no longer logged to /var/log/bash.log		StarlingX	High	Fix Released

Bug #1917901: tb.sh create fails on rmdir /var/lib/mock

Summary				In	Importance	Status
	1917901	tb.sh create fails on rmdir /var/lib/mock		StarlingX	High	Fix Released

Bug #1918154: CVE-2020-10878: perl: perl before 5.30.3 has an integer overflow

Summary				In	Importance	Status
	1918154	CVE-2020-10878: perl: perl before 5.30.3 has an integer overflow		StarlingX	High	Fix Released

Bug #1918477: download_mirror.sh is slow

Summary				In	Importance	Status
	1918477	download_mirror.sh is slow		StarlingX	High	Fix Released

Bug #1920024: linuxsoft.cern.ch is no longer responding

Summary				In	Importance	Status
	1920024	linuxsoft.cern.ch is no longer responding		StarlingX	High	Fix Released

Bug #1923458: basearch not always set

Summary				In	Importance	Status
	1923458	basearch not always set		StarlingX	Medium	Fix Released

Bug #1924691: systemd sends tons of useless PropertiesChanged messages when a mount happens

Summary				In	Importance	Status
	1924691	systemd sends tons of useless PropertiesChanged messages when a mount happens		StarlingX	Medium	Fix Released

Bug #1926372: CVE-2021-26937 screen segfault

Summary				In	Importance	Status
	1926372	CVE-2021-26937 screen segfault		StarlingX	High	Fix Released

Bug #1926987: Download_mirror.sh fails on 'flockflock'

Summary				In	Importance	Status
	1926987	Download_mirror.sh fails on 'flockflock'		StarlingX	Critical	Fix Released

Bug #1927137: Docker build env fails on git-review

Summary				In	Importance	Status
	1927137	Docker build env fails on git-review		StarlingX	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2019-16056

Related bugs and status

Related bugs

References