Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[3.3] bpo-30585: raise an error when STARTTLS fails #225

Merged
merged 4 commits into from Jul 19, 2017
Merged

[3.3] bpo-30585: raise an error when STARTTLS fails #225

merged 4 commits into from Jul 19, 2017

Conversation

vstinner
Copy link
Member

(cherry picked from commit 46b32f3)

@benjaminp @vstinner
raise an error when STARTTLS fails
981847e 
(cherry picked from commit 46b32f3)
@vstinner vstinner added the type-security A security issue label Feb 21, 2017
@vstinner
Copy link
Member Author

Backport of a fix for the security vulnerability CVE-2016-0772.

http://python-security.readthedocs.io/vulnerabilities.html#cve-2016-0772

@vstinner
Copy link
Member Author

@birkenfeld: The backport fixes a security vulnerability:
http://python-security.readthedocs.io/vuln/cve-2016-0772_smtplib_tls_stripping.html

@ned-deily
Copy link
Member

If you want this included in 3.3, you should open or use an existing issue and mark it as "release-blocker". Otherwise, it will likely be forgotten.

@vstinner vstinner changed the title raise an error when STARTTLS fails [3.3] raise an error when STARTTLS fails Mar 27, 2017
@vstinner vstinner changed the title [3.3] raise an error when STARTTLS fails [3.3] bpo-30585: raise an error when STARTTLS fails Jun 7, 2017
@vstinner
Copy link
Member Author

vstinner commented Jun 7, 2017

ned-deily: "If you want this included in 3.3, you should open or use an existing issue and mark it as "release-blocker". Otherwise, it will likely be forgotten."

Ok, done: http://bugs.python.org/issue30585

@vstinner
Copy link
Member Author

vstinner commented Jun 7, 2017

@birkenfeld: Georg, can you please merge this change? It fixes a major security vulnerability already fixed in all other branches.

@ned-deily ned-deily merged commit 3625f7f into python:3.3 Jul 19, 2017
@vstinner vstinner deleted the CVE-2016-0772/3.3 branch August 10, 2017 23:30
jaraco added a commit to jaraco/cpython that referenced this pull request Feb 17, 2023
@jaraco
Merge pull request python#225 from FFY00.
388c07b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@birkenfeld birkenfeld Awaiting requested review from birkenfeld

Assignees
No one assigned
Labels
type-security A security issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@vstinner @ned-deily @the-knights-who-say-ni @benjaminp