Back to bug 1303647
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-02-01 15:04:23 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-02-01 15:04:23 UTC | Doc Type | --- | Bug Fix |
| Adam Mariš | 2016-02-01 15:05:29 UTC | CC | cheimes | |
| Adam Mariš | 2016-02-01 17:09:42 UTC | Blocks | 1303701 | |
| Cedric Buissart | 2016-05-20 07:59:05 UTC | CC | cbuissar | |
| Cedric Buissart | 2016-06-10 08:51:30 UTC | Doc Text | It was found that Python's smtplib library did not return an exception if StartTLS fails to establish correctly in the SMTP.starttls() function. An attacker with ability to launch an active man in the middle attack could strip out the STARTTLS command without generating an exception on the python SMTP client application, preventing the establishment of the TLS layer. | |
| Cedric Buissart | 2016-06-10 11:21:47 UTC | Whiteboard | impact=moderate,public=no,reported=20160131,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/python=new,rhel-6/python=new,rhel-7/python=new,rhscl-2/python27-python=new,rhscl-1/python33-python=new,rhscl-2/rh-python34-python=new,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected | impact=moderate,public=no,reported=20160131,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-1/python33-python=affected,rhscl-2/rh-python34-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected |
| Tomas Hoger | 2016-06-10 11:23:58 UTC | Whiteboard | impact=moderate,public=no,reported=20160131,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-1/python33-python=affected,rhscl-2/rh-python34-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected | impact=moderate,public=no,reported=20160131,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected |
| Cedric Buissart | 2016-06-14 15:09:06 UTC | Whiteboard | impact=moderate,public=no,reported=20160131,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected | impact=moderate,public=20160611,reported=20160131,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected |
| Cedric Buissart | 2016-06-14 15:09:09 UTC | Summary | EMBARGOED CVE-2016-0772 python: smtplib StartTLS stripping attack | CVE-2016-0772 python: smtplib StartTLS stripping attack |
| Cedric Buissart | 2016-06-14 15:09:11 UTC | Group | security, qe_staff | |
| Cedric Buissart | 2016-06-14 15:09:30 UTC | Depends On | 1346344 | |
| Cedric Buissart | 2016-06-14 15:09:43 UTC | Depends On | 1346345 | |
| Cedric Buissart | 2016-06-14 15:09:55 UTC | Depends On | 1346346 | |
| Cedric Buissart | 2016-06-14 15:33:27 UTC | Depends On | 1346354 | |
| Cedric Buissart | 2016-06-14 15:33:31 UTC | Depends On | 1346355 | |
| Cedric Buissart | 2016-06-14 15:33:36 UTC | Depends On | 1346356 | |
| Cedric Buissart | 2016-06-14 15:33:40 UTC | Depends On | 1346357 | |
| Cedric Buissart | 2016-06-14 15:33:44 UTC | Depends On | 1346358 | |
| Cedric Buissart | 2016-06-14 15:33:50 UTC | Depends On | 1346359 | |
| Cedric Buissart | 2016-06-14 15:33:56 UTC | Depends On | 1346360 | |
| Cedric Buissart | 2016-06-14 15:34:01 UTC | Depends On | 1346361 | |
| Salvatore Bonaccorso | 2016-06-14 19:59:09 UTC | CC | carnil | |
| Slawomir Czarko | 2016-06-15 07:51:28 UTC | CC | slawomir | |
| Tomas Orsava | 2016-06-17 11:54:39 UTC | CC | torsava | |
| Cedric Buissart | 2016-06-22 12:20:59 UTC | Whiteboard | impact=moderate,public=20160611,reported=20160131,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected | impact=moderate,public=20160611,reported=20160131,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected,epel-7/python34=affected |
| Cedric Buissart | 2016-06-22 12:21:07 UTC | CC | cstratak, kevin, pviktori | |
| Cedric Buissart | 2016-06-22 12:25:25 UTC | Depends On | 1348973 | |
| Norman Sardella | 2016-06-22 17:41:44 UTC | CC | sardella | |
| Miro Hrončok | 2016-06-30 12:34:51 UTC | CC | mhroncok | |
| Cedric Buissart | 2016-06-30 14:39:13 UTC | Whiteboard | impact=moderate,public=20160611,reported=20160131,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected,epel-7/python34=affected | impact=moderate,public=20160611,reported=20160131,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected,epel-7/python34=affected,fedora-all/pypy=affected,epel-5/pypy=affected,epel-6/pypy=affected,epel-7/pypy=affected |
| Cedric Buissart | 2016-06-30 14:39:32 UTC | CC | mcyprian, python-sig, tomspur | |
| Cedric Buissart | 2016-06-30 14:40:12 UTC | Whiteboard | impact=moderate,public=20160611,reported=20160131,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected,epel-7/python34=affected,fedora-all/pypy=affected,epel-5/pypy=affected,epel-6/pypy=affected,epel-7/pypy=affected | impact=moderate,public=20160611,reported=20160131,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected,epel-7/python34=affected,fedora-all/pypy=affected,epel-5/pypy=affected,epel-6/pypy=affected,epel-7/pypy=affected,fedora-all/pypy3=affected |
| Cedric Buissart | 2016-06-30 14:46:22 UTC | Depends On | 1351679 | |
| Cedric Buissart | 2016-06-30 14:46:38 UTC | Depends On | 1351680 | |
| Cedric Buissart | 2016-06-30 14:48:27 UTC | Depends On | 1351681 | |
| Cedric Buissart | 2016-06-30 14:48:51 UTC | Depends On | 1351682 | |
| Cedric Buissart | 2016-06-30 14:49:27 UTC | Depends On | 1351684 | |
| Cedric Buissart | 2016-07-20 09:28:17 UTC | Whiteboard | impact=moderate,public=20160611,reported=20160131,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected,epel-7/python34=affected,fedora-all/pypy=affected,epel-5/pypy=affected,epel-6/pypy=affected,epel-7/pypy=affected,fedora-all/pypy3=affected | impact=moderate,public=20160611,reported=20160131,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=4.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected,epel-7/python34=affected,fedora-all/pypy=affected,epel-5/pypy=affected,epel-6/pypy=affected,epel-7/pypy=affected,fedora-all/pypy3=affected |
| Tomas Hoger | 2016-07-21 22:10:11 UTC | Doc Text | It was found that Python's smtplib library did not return an exception if StartTLS fails to establish correctly in the SMTP.starttls() function. An attacker with ability to launch an active man in the middle attack could strip out the STARTTLS command without generating an exception on the python SMTP client application, preventing the establishment of the TLS layer. | It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. |
| Cedric Buissart | 2016-08-18 20:56:15 UTC | Status | NEW | CLOSED |
| Cedric Buissart | 2016-08-18 20:56:15 UTC | Resolution | --- | ERRATA |
| Cedric Buissart | 2016-08-18 20:56:15 UTC | Last Closed | 2016-08-18 16:56:15 UTC | |
| Product Security DevOps Team | 2019-09-29 13:43:28 UTC | Whiteboard | impact=moderate,public=20160611,reported=20160131,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=4.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected,epel-7/python34=affected,fedora-all/pypy=affected,epel-5/pypy=affected,epel-6/pypy=affected,epel-7/pypy=affected,fedora-all/pypy3=affected | |