[3.5] python: security vulnerabilities (CVE-2016-0772, CVE-2016-5636, CVE-2016-5699)
CVE-2016-0772: smtplib StartTLS stripping attack.
CVE-2016-5636: Heap overflow in zipimporter module.
CVE-2016-5699: HTTP header injection in urllib2/urllib/httplib/http.client.
References:
http://openwall.com/lists/oss-security/2016/06/16/1
http://openwall.com/lists/oss-security/2016/06/16/2
http://openwall.com/lists/oss-security/2016/06/14/9
https://bugs.python.org/issue26171
https://bugs.python.org/issue5124
https://bugs.python.org/issue22928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5699
(from redmine: issue id 5799, created on 2016-06-26, closed on 2016-07-07)
- Relations:
  - parent #5798 (closed)