Debian Security Advisory
DLA-871-1 python3.2 -- LTS security update
- Date Reported:
- 25 Mar 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-0772.
- More information:
It was discovered that there was a TLS stripping vulnerability in the smptlib library distributed with the CPython interpreter.
The library did not return an error if StartTLS failed, which might have allowed man-in-the-middle attackers to bypass the TLS protections by leveraging a network position to block the StartTLS command.
For Debian 7
Wheezy, this issue has been fixed in python3.2 version 3.2.3-7+deb7u1.
We recommend that you upgrade your python3.2 packages.