
[SECURITY] [DLA 871-1] python3.2 security update



Package        : python3.2
Version        : 3.2.3-7+deb7u1
CVE ID         : CVE-2016-0772

It was discovered that there was a TLS stripping vulnerability in the smtplib
library distributed with the CPython interpreter.

The library did not return an error if StartTLS failed, which might have
allowed man-in-the-middle attackers to bypass the TLS protections by leveraging
a network position to block the StartTLS command.

For Debian 7 "Wheezy", this issue has been fixed in python3.2 version
3.2.3-7+deb7u1.

We recommend that you upgrade your python3.2 packages.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
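
A client-side check for the failure described above, as an added example that
is not part of the advisory or of CPython: the caller refuses to continue unless
the STARTTLS upgrade really happened. The names require_starttls,
downgraded_peer and demo, and the host test.invalid, are assumptions made for
this sketch; the local peer is a constructed stand-in that always refuses TLS.

```python
import smtplib
import socket
import ssl
import threading


def require_starttls(client, context=None):
    """Upgrade to TLS or raise; never continue in plaintext."""
    client.ehlo_or_helo_if_needed()
    if not client.has_extn("starttls"):
        raise smtplib.SMTPNotSupportedError("STARTTLS not advertised")
    code, reply = client.starttls(context=context or ssl.create_default_context())
    # Unpatched smtplib returned the failure reply here instead of raising.
    if code != 220 or not isinstance(client.sock, ssl.SSLSocket):
        raise smtplib.SMTPResponseException(code, reply)
    client.ehlo()  # re-read capabilities over the encrypted channel


def downgraded_peer(listener, advertise):
    """Constructed test peer: offers STARTTLS (or not) and always refuses it."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rwb") as f:
        f.write(b"220 test.invalid ESMTP\r\n")
        f.flush()
        for line in f:
            verb = line.strip().upper()
            if verb.startswith(b"EHLO"):
                f.write(b"250-test.invalid\r\n250 STARTTLS\r\n" if advertise
                        else b"250 test.invalid\r\n")
            elif verb == b"STARTTLS":
                f.write(b"454 TLS not available\r\n")
            else:
                f.write(b"502 not implemented\r\n")
            f.flush()


def demo(advertise):
    """Return 'tls' on a real upgrade, else the reason the client refused."""
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=downgraded_peer, args=(listener, advertise),
                     daemon=True).start()
    client = smtplib.SMTP("127.0.0.1", listener.getsockname()[1],
                          local_hostname="client.invalid", timeout=5)
    try:
        require_starttls(client)
        return "tls"
    except smtplib.SMTPException as exc:
        return "refused: " + type(exc).__name__
    finally:
        client.close()
        listener.close()
```

Call require_starttls before login() or sendmail() so that credentials and
message content are never sent when the upgrade did not complete.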
