I didn't spot anyone else report this to mitmproxy so I raised an issue to make them aware: https://github.com/mitmproxy/mitmproxy/issues/5297

On Tue, Apr 26, 2022 at 3:30 AM Victor Stinner <vstinner@python.org> wrote:
On Tue, Apr 26, 2022 at 5:47 AM Brett Cannon <brett@python.org> wrote:
> After talking about this in the SC today, we agreed to deprecate mailcap under the auspices of PEP 594: https://github.com/python/peps/commit/701999a91dc5f976c00d5bde1510226ebd9c7822 .

Good. I proposed https://github.com/python/cpython/pull/91951 to
implement the deprecation in Python 3.11.

Fixing or documenting the shell injection vulnerability CVE-2015-20107
is still being discussed at:

Python-Dev mailing list -- python-dev@python.org
To unsubscribe send an email to python-dev-leave@python.org
Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/Y4IAWAWYTNKSIAVTXJGV2ZMQTFV5WYTT/
Code of Conduct: http://python.org/psf/codeofconduct/