subject:"\[issue20770\] Inform caller of smtplib STARTTLS failures"

[issue20770] Inform caller of smtplib STARTTLS failures

2016-07-01 Thread R. David Murray

Changes by R. David Murray : -- stage: -> resolved ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mai

[issue20770] Inform caller of smtplib STARTTLS failures

2016-07-01 Thread And Clover

And Clover added the comment: This is CVE-2016-0772 and appears to have been fixed properly with an exception here: https://hg.python.org/cpython/rev/d590114c2394 (py3) https://hg.python.org/cpython/rev/b3ce713fb9be (py2) -- resolution: -> fixed status: open -> closed ___

[issue20770] Inform caller of smtplib STARTTLS failures

2014-03-04 Thread Varun Sharma

Varun Sharma added the comment: I think that raising an exception for starttls failure can be avoided, so i have added a patch for documentation which adds the following line to doc string : "If server supports TLS but fails to start it, then it does not raise any exception". -- keywo

[issue20770] Inform caller of smtplib STARTTLS failures

2014-02-25 Thread Barry A. Warsaw

Changes by Barry A. Warsaw : -- nosy: +barry ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pytho

[issue20770] Inform caller of smtplib STARTTLS failures

2014-02-25 Thread Antoine Pitrou

Antoine Pitrou added the comment: It probably isn't a good idea to break the API, but this should certainly be documented. -- nosy: +pitrou ___ Python tracker ___ __

[issue20770] Inform caller of smtplib STARTTLS failures

2014-02-25 Thread R. David Murray

R. David Murray added the comment: I agree that there is an argument for classifying this as a low-impact security bug. Whether or not it is so classified will affect how we fix it. I'll email the psrt about it. -- nosy: +r.david.murray ___ Python

[issue20770] Inform caller of smtplib STARTTLS failures

2014-02-25 Thread And Clover

And Clover added the comment: This could potentially be considered a security issue as it would allow a MitM attacker to sabotage the STARTTLS and get the rest of the content in the clear. I don't personally consider it too serious as I doubt anyone is (a) relying on the security of this for l

[issue20770] Inform caller of smtplib STARTTLS failures

2014-02-25 Thread And Clover

New submission from And Clover: When an SMTP server responds to the STARTTLS command with an error, the smtplib.SMTP.starttls() method does not raise an exception, as it would if TLS negotiation itself failed. Consequently naïve callers of the function may assume that a TLS connection has actu

[issue20770] Inform caller of smtplib STARTTLS failures

[issue20770] Inform caller of smtplib STARTTLS failures

[issue20770] Inform caller of smtplib STARTTLS failures

[issue20770] Inform caller of smtplib STARTTLS failures

[issue20770] Inform caller of smtplib STARTTLS failures

[issue20770] Inform caller of smtplib STARTTLS failures

[issue20770] Inform caller of smtplib STARTTLS failures

[issue20770] Inform caller of smtplib STARTTLS failures

8 matches

Site Navigation

Mail list logo

Footer information