[issue30585] [security][3.3] Backport smtplib fix for TLS stripping vulnerability, CVE-2016-0772

Ned Deily added the comment: Merged for release in 3.3.7rc1 -- priority: release blocker -> resolution: -> fixed stage: -> resolved status: open -> closed ___ Python tracker

[issue30585] [security][3.3] Backport smtplib fix for TLS stripping vulnerability, CVE-2016-0772

Ned Deily added the comment: New changeset 3625f7fd11679ecb390ffa58ef36d487acc8159b by Ned Deily (Victor Stinner) in branch '3.3': [3.3] bpo-30585: [security] raise an error when STARTTLS fails (#225) https://github.com/python/cpython/commit/3625f7fd11679ecb390ffa58ef36d487acc8159b

[issue30585] [security][3.3] Backport smtplib fix for TLS stripping vulnerability, CVE-2016-0772

STINNER Victor added the comment: PEP 398: Python 3.3 Release Schedule Python 3.3 branch end of support is expected to be at 2017-09-29, in 4 months. -- assignee: -> georg.brandl ___ Python tracker

[issue30585] [security][3.3] Backport smtplib fix for TLS stripping vulnerability, CVE-2016-0772

New submission from STINNER Victor: Attached pull request backports a fix for this security vulnerability: http://python-security.readthedocs.io/vuln/cve-2016-0772_smtplib_tls_stripping.html "A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does