• Accepted twisted 20.3.0-7+deb11u1 (source) into proposed-updates->stabl

    From Debian FTP Masters@21:1/5 to All on Sat May 14 16:20:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Thu, 05 May 2022 09:59:26 -0400
    Source: twisted
    Architecture: source
    Version: 20.3.0-7+deb11u1
    Distribution: bullseye
    Urgency: medium
    Maintainer: Debian Python Team <team+python@tracker.debian.org>
    Changed-By: Stefano Rivera <stefanor@debian.org>
    Changes:
     twisted (20.3.0-7+deb11u1) bullseye; urgency=medium
     .
       * Team upload.
       * CVE-2022-21712: Information disclosure results in leaking of HTTP cookie
         and authorization headers when following cross origin redirects
         - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are
           removed when forming requests, in src/twisted/web/client.py,
           src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py.
         - Thanks Canonical for backporting the patches.
       * CVE-2022-21716: Parsing of SSH version identifier field during an SSH
         handshake can result in a denial of service when excessively large packets
         are received
         - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
           handshake buffer is checked, prior to processing version string in
           src/twisted/conch/ssh/transport.py and
           src/twisted/conch/test/test_transport.py
         - Thanks Canonical for backporting the patches.
       * CVE-2022-24801: Correct several defects in HTTP request parsing that could
         permit HTTP request smuggling: disallow signed Content-Length headers,
         forbid illegal characters in chunked extensions, forbid 0x prefix to chunk
         lengths, and only strip space and horizontal tab from header values.
         - debian/patches/CVE-2022-24801-*.patch
       * Patch: remove spurious test for illegal whitespace in xmlns, to allow
         tests to pass, again.

    -----BEGIN PGP SIGNATURE-----

    iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCYnPchRQcc3RlZmFub3JA ZGViaWFuLm9yZwAKCRBHew2wJjpU2Pt9AQC4qbmHzaI/nRwJcwoWvhaxH+3MtTIL oOiQCR80sbENhwD/SzuWTE3rYUqa5o+SFNH3MGsiEyCakOQIdOhpJAtDlAQ=
    =iXw5
    -----END PGP SIGNATURE-----
