Errata overview
Errata ID 261
Date 2016-09-07
Source package python2.7
Fixed in version 2.7.3-6.7.201608291252
This update addresses the following issue(s):
* A vulnerability in smtplib allowing MITM attacker to perform a
  startTLS stripping attack. smtplib does not seem to raise an
  exception when the remote end (smtp server) is capable of
  negotiating starttls but fails to respond with 220 (ok) to an
  explicit call of SMTP.starttls(). This may allow a malicious MITM
  to perform a startTLS stripping attack if the client code does not
  explicitly check the response code for startTLS (CVE-2016-0772)
* Issue #26171: Fix possible integer overflow and heap corruption in
  zipimporter.get_data() (CVE-2016-5636)
* Protocol injection can occur not only if an application sets a
  header based on user-supplied values, but also if the application
  ever tries to fetch a URL specified by an attacker (SSRF case) OR
  if the application ever accesses any malicious web server
  (redirection case) (CVE-2016-5699)
Additional notes
CVE ID CVE-2016-0772
UCS Bug number #36977