CVE 2016-0772
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
Related bugs and status
CVE-2016-0772 (Candidate) is related to these bugs:
Bug #1264554: python3.4 autopkg test failures
Bug | Summary | In | Importance | Status
---|---|---|---|---
1264554 | python3.4 autopkg test failures | python3.4 (Ubuntu) | High | Fix Released
1264554 | python3.4 autopkg test failures | python3.3 (Ubuntu) | High | Won't Fix
1264554 | python3.4 autopkg test failures | python3.4 (Ubuntu Trusty) | High | Fix Released
Bug #1571198: Missing symlink in python2.7-dbg package
Bug | Summary | In | Importance | Status
---|---|---|---|---
1571198 | Missing symlink in python2.7-dbg package | python2.7 (Ubuntu) | Undecided | Fix Released
1571198 | Missing symlink in python2.7-dbg package | python2.7 (Ubuntu Xenial) | Undecided | Fix Released
Bug #1578927: idle crashes on configure through menu
Bug | Summary | In | Importance | Status
---|---|---|---|---
1578927 | idle crashes on configure through menu | python2.7 (Ubuntu) | Undecided | Fix Released
1578927 | idle crashes on configure through menu | Python | Unknown | Fix Released
1578927 | idle crashes on configure through menu | python2.7 (Ubuntu Xenial) | Undecided | Fix Released
Bug #1591895: SRU: backport python 2.7.12 to 16.04 LTS
Bug | Summary | In | Importance | Status
---|---|---|---|---
1591895 | SRU: backport python 2.7.12 to 16.04 LTS | python2.7 (Ubuntu) | Undecided | Fix Released
1591895 | SRU: backport python 2.7.12 to 16.04 LTS | python2.7 (Ubuntu Xenial) | Undecided | Fix Released
1591895 | SRU: backport python 2.7.12 to 16.04 LTS | python-stdlib-extensions (Ubuntu) | Undecided | Fix Released
1591895 | SRU: backport python 2.7.12 to 16.04 LTS | python-stdlib-extensions (Ubuntu Xenial) | Undecided | Fix Released
1591895 | SRU: backport python 2.7.12 to 16.04 LTS | python-defaults (Ubuntu) | Undecided | Fix Released
1591895 | SRU: backport python 2.7.12 to 16.04 LTS | python-defaults (Ubuntu Xenial) | Undecided | Fix Released
1591895 | SRU: backport python 2.7.12 to 16.04 LTS | python-defaults (Ubuntu Zesty) | Undecided | New
See the CVE page on Mitre.org for more details.