This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients barry, r.david.murray, rad164, vstinner, xtreak
Date 2019-06-17.16:50:46
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1560790246.63.0.88379697841.issue33529@roundup.psfhosted.org>
In-reply-to
Content 
Python 2.7 doesn't have email.policy module.

For Python 2.7, I wrote this code:
---
import email.header
import email.message

msg = email.message.Message()
msg.set_charset("UTF-8")
msg['Subject'] = email.header.Header(u'\u0105' * 12, maxlinelen=20, charset="UTF-8")
print(msg.as_string())
---

I get this output:
---
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Subject: =?utf-8?b?xIU=?=
 =?utf-8?b?xIU=?=
 =?utf-8?b?xIU=?=
 =?utf-8?b?xIU=?=
 =?utf-8?b?xIU=?=
 =?utf-8?b?xIU=?=
 =?utf-8?b?xIU=?=
 =?utf-8?b?xIU=?=
 =?utf-8?b?xIU=?=
 =?utf-8?b?xIU=?=
 =?utf-8?b?xIU=?=
 =?utf-8?b?xIU=?=


---

I have no idea if this example says that Python 2.7 is vulnerable or not. I get a different output on the master branch:
---
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Subject: =?utf-8?b?xIXEhcSFxIXEhcSFxIXEhcSFxIXEhcSF?=


---

But I don't know if I use the email API properly. "Subject: =?utf-8?b?xIXEhcSFxIXEhcSFxIXEhcSFxIXEhcSF?=" is longer than 20 characters.
History
Date User Action Args
2019-06-17 16:50:46vstinnersetrecipients: + vstinner, barry, r.david.murray, rad164, xtreak
2019-06-17 16:50:46vstinnersetmessageid: <1560790246.63.0.88379697841.issue33529@roundup.psfhosted.org>
2019-06-17 16:50:46vstinnerlinkissue33529 messages
2019-06-17 16:50:46vstinnercreate