# HG changeset patch
# User Benjamin Peterson
# Date 1465676202 25200
# Node ID b3ce713fb9beebfff9848cefa0acbd59acc68fe9
# Parent 3017e41b0c99d24e88faf1de447f230e2f64d122
raise an error when STARTTLS fails
Upstream-status: Backport
CVE: CVE-2016-0772
Signed-off-by: Armin Kuster
Index: Python-2.7.9/Lib/smtplib.py
===================================================================
--- Python-2.7.9.orig/Lib/smtplib.py
+++ Python-2.7.9/Lib/smtplib.py
@@ -656,6 +656,11 @@ class SMTP:
 self.ehlo_resp = None
 self.esmtp_features = {}
 self.does_esmtp = 0
+ else:
+ # RFC 3207:
+ # 501 Syntax error (no parameters allowed)
+ # 454 TLS not available due to temporary reason
+ raise SMTPResponseException(resp, reply)
 return (resp, reply)
 def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
Index: Python-2.7.9/Misc/NEWS
===================================================================
--- Python-2.7.9.orig/Misc/NEWS
+++ Python-2.7.9/Misc/NEWS
@@ -5136,6 +5136,9 @@ Library
 - Issue #8140: Extend compileall to compile single files. Add -i option.
+- Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. Reported by Team
+ Oststrom
+
 - Issue #7356: ctypes.util: Make parsing of ldconfig output independent of the locale.
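Review bot: The comment above the new `raise` in the `else:` branch of the smtplib.py hunk lists only the RFC 3207 codes 501 and 454, but the branch fires for every reply other than 220 and does not say why raising matters. I would word it as `# Any reply other than 220 means the channel is still plaintext; raise so the caller cannot carry on unencrypted.` and keep the two RFC codes as examples. The connection appears to be left open and unencrypted after the raise, so a caller that catches `SMTPException` broadly and then goes on to `login()` or `sendmail()` would still send in cleartext. The method's docstring starts outside this hunk and is not visible here; it should state that `SMTPResponseException` is now raised and that the connection should be closed on that path. Code that previously inspected the returned `(resp, reply)` for a non-220 code will now get an exception instead, which is worth calling out for a backport.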