Martin Ortner <martin.ort...@consensys.net> added the comment:
> This bug report starts with "a malicious user with direct access to > `smtplib.SMTP(..., local_hostname, ..)", which is a senseless supposition. > Anyone with "access to" the SMTP object could just as well be talking > directly to the SMTP server and do anything they want that SMTP itself allows. Let's not argue about the phrasing and settle on the fact that I am not a native English speaker which might be the root cause of the confusion. The core of the issue is that this *unexpected side-effect* may be security-relevant. Fixing it probably takes less time than arguing about phrasing, severity, or spending time describing exploitation scenarios for a general-purpose library that should protect the underlying protocol from injections. Be kind, I come in peace. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue43124> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
