[Bug 1520698] [NEW] Regresssion: CVE-2013-1752-smtplib.patch breaks SMTP over TLS

Marc-Etienne M.Léveillé ubuntu at marcetienne.com
Fri Nov 27 20:47:36 UTC 2015 

Public bug reported:

There is a bug in the latest version (12.04, python3.2 3.2.3-0ubuntu3.7)
that prevents smtplib to work on with SSL connection.

Expected:
E-mail message sent.

Result:
The error is the following:
  File "/home/user/send_mail.py", line XX, in send_mail
    smtp.login(username, password)
  File "/usr/lib/python3.2/smtplib.py", line 594, in login
    self.ehlo_or_helo_if_needed()
  File "/usr/lib/python3.2/smtplib.py", line 553, in ehlo_or_helo_if_needed
    if not (200 <= self.ehlo()[0] <= 299):
  File "/usr/lib/python3.2/smtplib.py", line 420, in ehlo
    (code, msg) = self.getreply()
  File "/usr/lib/python3.2/smtplib.py", line 367, in getreply
    line = self.file.readline(_MAXLINE + 1)
TypeError: readline() takes exactly 1 positional argument (2 given)

Cause:
CVE-2013-1752-smtplib.patch does not modify SSLFakeFile.readline(..) to accept additional parameters.

The updated patch is here:
https://hg.python.org/cpython/rev/8a6def3add5b

-------->8---------

$ lsb_release -rd
Description:    Ubuntu 12.04.5 LTS
Release:        12.04

** Affects: python3.2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python3.2 in Ubuntu.
https://bugs.launchpad.net/bugs/1520698

Title:
  Regresssion: CVE-2013-1752-smtplib.patch breaks SMTP over TLS

Status in python3.2 package in Ubuntu:
  New

Bug description:
  There is a bug in the latest version (12.04, python3.2
  3.2.3-0ubuntu3.7) that prevents smtplib to work on with SSL
  connection.

  Expected:
  E-mail message sent.

  Result:
  The error is the following:
    File "/home/user/send_mail.py", line XX, in send_mail
      smtp.login(username, password)
    File "/usr/lib/python3.2/smtplib.py", line 594, in login
      self.ehlo_or_helo_if_needed()
    File "/usr/lib/python3.2/smtplib.py", line 553, in ehlo_or_helo_if_needed
      if not (200 <= self.ehlo()[0] <= 299):
    File "/usr/lib/python3.2/smtplib.py", line 420, in ehlo
      (code, msg) = self.getreply()
    File "/usr/lib/python3.2/smtplib.py", line 367, in getreply
      line = self.file.readline(_MAXLINE + 1)
  TypeError: readline() takes exactly 1 positional argument (2 given)

  Cause:
  CVE-2013-1752-smtplib.patch does not modify SSLFakeFile.readline(..) to accept additional parameters.

  The updated patch is here:
  https://hg.python.org/cpython/rev/8a6def3add5b

  -------->8---------

  $ lsb_release -rd
  Description:    Ubuntu 12.04.5 LTS
  Release:        12.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3.2/+bug/1520698/+subscriptions

More information about the foundations-bugs mailing list