
Author martin.ortner
Recipients barry, christian.heimes, lukasz.langa, martin.ortner, miguendes, ned.deily, r.david.murray
Date 2021-07-13.17:36:32
Message-id <1626197793.35.0.538596059645.issue43124@roundup.psfhosted.org>
In-reply-to
Content
> This bug report starts with "a malicious user with direct access to `smtplib.SMTP(..., local_hostname, ..)", which is a senseless supposition.  Anyone with "access to" the SMTP object could just as well be talking directly to the SMTP server and do anything they want that SMTP itself allows.

Let's not argue about the phrasing and settle on the fact that I am not a native English speaker, which might be the root cause of the confusion. The core of the issue is that this *unexpected side-effect* may be security-relevant. Fixing it probably takes less time than arguing about phrasing, severity, or spending time describing exploitation scenarios for a general-purpose library that should protect the underlying protocol from injections.


Be kind, I come in peace.
History
Date User Action Args
2021-07-13 17:36:33 martin.ortner set recipients: + martin.ortner, barry, christian.heimes, ned.deily, r.david.murray, lukasz.langa, miguendes
2021-07-13 17:36:33 martin.ortner set messageid: <1626197793.35.0.538596059645.issue43124@roundup.psfhosted.org>
2021-07-13 17:36:33 martin.ortner link issue43124 messages
2021-07-13 17:36:32 martin.ortner create