Fix CVE-2016-0772 and CVE-2016-5699 (rhbz#1348973, rhbz#1348982)
CVE-2016-0772 python: smtplib StartTLS stripping attack (rhbz#1303647)
Raise an error when STARTTLS fails (upstream patch)
CVE-2016-5699 python: http protocol steam injection attack (rhbz#1303699)
Disabled HTTP header injections in http.client (upstream patch)