FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-25 08:52:18 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a61374fc-3a4d-11e6-a671-60a44ce6887b	Python -- HTTP Header Injection in Python urllib Guido Vranken reports: HTTP header injection in urrlib2/urllib/httplib/http.client with newlines in header values, where newlines have a semantic consequence of denoting the start of an additional header line. Discovery 2014-11-24 Entry 2016-06-30 Modified 2016-07-04 python27 < 2.7.10 python33 >= 0 python34 < 3.4.4 python35 < 3.5.0 https://bugs.python.org/issue22928 http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html http://www.openwall.com/lists/oss-security/2016/06/14/7 CVE-2016-5699
8d5368ef-40fe-11e6-b2ec-b499baebfeaf	Python -- smtplib StartTLS stripping vulnerability Red Hat reports: A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end (smtp server) is capable of negotiating starttls but fails to respond with 220 (ok) to an explicit call of SMTP.starttls(). This may allow a malicious MITM to perform a startTLS stripping attack if the client code does not explicitly check the response code for startTLS. Discovery 2016-06-14 Entry 2016-07-03 python27 < 2.7.12 python33 > 0 python34 < 3.4.5 python35 < 3.5.2 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0772 CVE-2016-0772

VuXML ID

Description

a61374fc-3a4d-11e6-a671-60a44ce6887b

Python -- HTTP Header Injection in Python urllib

Guido Vranken reports:

HTTP header injection in urrlib2/urllib/httplib/http.client with newlines in header values, where newlines have a semantic consequence of denoting the start of an additional header line.

Discovery 2014-11-24
Entry 2016-06-30
Modified 2016-07-04
python27

< 2.7.10

python33

>= 0

python34

< 3.4.4

python35

< 3.5.0

https://bugs.python.org/issue22928
http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html
http://www.openwall.com/lists/oss-security/2016/06/14/7
CVE-2016-5699

8d5368ef-40fe-11e6-b2ec-b499baebfeaf

Python -- smtplib StartTLS stripping vulnerability

Red Hat reports:

A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end (smtp server) is capable of negotiating starttls but fails to respond with 220 (ok) to an explicit call of SMTP.starttls(). This may allow a malicious MITM to perform a startTLS stripping attack if the client code does not explicitly check the response code for startTLS.

Discovery 2016-06-14
Entry 2016-07-03
python27

< 2.7.12

python33

> 0

python34

< 3.4.5

python35

< 3.5.2

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0772
CVE-2016-0772