092bdc1 Fix for CVE-2016-0772 and CVE-2016-5699

Authored and Committed by churchyard 7 years ago
    Fix for CVE-2016-0772 and CVE-2016-5699
    Fix for: CVE-2016-0772 python: smtplib StartTLS stripping attack
    - Raise an error when STARTTLS fails
    - rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
    - rhbz#1351680: https://bugzilla.redhat.com/show_bug.cgi?id=1351680
    - Fixed upstream: https://hg.python.org/cpython/rev/d590114c2394
    Fix for: CVE-2016-5699 python: http protocol steam injection attack
    - rhbz#1303699: https://bugzilla.redhat.com/show_bug.cgi?id=1303699
    - rhbz#1351687: https://bugzilla.redhat.com/show_bug.cgi?id=1351687
    - Fixed upstream: https://hg.python.org/cpython/rev/bf3e1c9b80e9
file modified
+26 -1