Format: 1.8
Date: Thu, 05 May 2022 10:01:06 -0400
Source: twisted
Binary: python-twisted python-twisted-conch python-twisted-core python-twisted-mail python-twisted-names python-twisted-news python-twisted-runner python-twisted-runner-dbg python-twisted-web python-twisted-words python3-twisted twisted-doc
Architecture: all
Version: 18.9.0-3+deb10u1
Distribution: buster
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Stefano Rivera
Description:
 python-twisted - Event-based framework for internet applications (dependency packa
 python-twisted-conch - twisted dummy package for Twisted SSH Implementation
 python-twisted-core - Event-based framework for internet applications
 python-twisted-mail - twisted dummy package for SMTP, IMAP and POP protocol implementat
 python-twisted-names - twisted package for DNS protocol implementation
 python-twisted-news - twisted dummy package for NNTP protocol implementation
 python-twisted-runner - twisted dummy package for process management
 python-twisted-runner-dbg - twisted dummy package for process management
 python-twisted-web - twisted dummy package for HTTP protocol implementation
 python-twisted-words - twisted dummy package for Chat and Instant Messaging
 python3-twisted - Event-based framework for internet applications
 twisted-doc - Official documentation of Twisted
Changes:
 twisted (18.9.0-3+deb10u1) buster; urgency=medium
 .
   * Team upload.
   * SECURITY UPDATE: incorrect URI and HTTP method validation
     - debian/patches/CVE-2019-12387.patch: prevent CRLF injections in
       src/twisted/web/_newclient.py, src/twisted/web/client.py,
       src/twisted/web/test/injectionhelpers.py,
       src/twisted/web/test/test_agent.py,
       src/twisted/web/test/test_webclient.py.
     - CVE-2019-12387
     - Thanks Marc Deslauriers at Canonical for backporting the patches.
   * SECURITY UPDATE: incorrect cert validation in XMPP support
     - debian/patches/CVE-2019-12855-*.patch: upstream patches to implement
       certificate checking.
     - CVE-2019-12855
     - Thanks Marc Deslauriers at Canonical for backporting the patches.
   * SECURITY UPDATE: HTTP/2 denial of service issues
     - debian/patches/CVE-2019-951x.patch: buffer outbound control frames
       and timeout invalid clients in src/twisted/web/_http2.py,
       src/twisted/web/error.py, src/twisted/web/http.py,
       src/twisted/web/test/test_http.py,
       src/twisted/web/test/test_http2.py.
     - CVE-2019-9511
     - CVE-2019-9514
     - CVE-2019-9515
     - Thanks Marc Deslauriers at Canonical for backporting the patches.
   * SECURITY UPDATE: request smuggling attacks
     - debian/patches/CVE-2020-1010x-pre1.patch: refactor to reduce
       duplication in src/twisted/web/test/test_http.py.
     - debian/patches/CVE-2020-1010x.patch: fix several request smuggling
       attacks in src/twisted/web/http.py,
       src/twisted/web/test/test_http.py.
     - CVE-2020-10108
     - CVE-2020-10109
     - Thanks Marc Deslauriers at Canonical for backporting the patches.
   * SECURITY UPDATE: Information disclosure results in leaking of HTTP
     cookie and authorization headers when following cross origin
     redirects
     - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers
       are removed when forming requests, in src/twisted/web/client.py,
       src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py.
     - CVE-2022-21712
     - Thanks Ray Veldkamp at Canonical for backporting the patches.
   * SECURITY UPDATE: Parsing of SSH version identifier field during an SSH
     handshake can result in a denial of service when excessively large
     packets are received
     - debian/patches/CVE-2022-21716-*.patch: Ensure that length of
       received handshake buffer is checked, prior to processing version
       string in src/twisted/conch/ssh/transport.py and
       src/twisted/conch/test/test_transport.py
     - CVE-2022-21716
     - Thanks Ray Veldkamp at Canonical for backporting the patches.
   * CVE-2022-24801: Correct several defects in HTTP request parsing that
     could permit HTTP request smuggling: disallow signed Content-Length
     headers, forbid illegal characters in chunked extensions, forbid 0x
     prefix to chunk lengths, and only strip space and horizontal tab from
     header values.
     - debian/patches/CVE-2022-24801-*.patch
   * Patch: remove spurious test for illegal whitespace in xmlns, to allow
     tests to pass, again.
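
The CVE-2022-24801 entry above names four parsing rules. The following is an added example, not code from Twisted or from the Debian patches, showing in Python why each rule matters: the built-in int() and bytes.strip() accept more than the HTTP grammar allows, so a permissive server can frame a request differently from a stricter intermediary in front of it. All function names and sample inputs are constructed for illustration, and the chunk-extension check is a simplified rule (no control bytes other than horizontal tab), which is an assumption rather than the full grammar.

```python
import re

_DEC = re.compile(rb"[0-9]+")        # Content-Length = 1*DIGIT
_HEX = re.compile(rb"[0-9A-Fa-f]+")  # chunk-size     = 1*HEXDIG
# Simplified rule (assumption): a chunk extension may not contain
# control bytes other than horizontal tab.
_BAD_EXT = re.compile(rb"[\x00-\x08\x0a-\x1f\x7f]")

def lenient_content_length(raw: bytes) -> int:
    # int() also accepts b"+5", b" 5 ", b"5\n" and b"5_0".
    return int(raw)

def strict_content_length(raw: bytes) -> int:
    if not _DEC.fullmatch(raw):
        raise ValueError("Content-Length must be decimal digits only")
    return int(raw)

def lenient_chunk_size(line: bytes) -> int:
    # int(x, 16) also accepts a 0x prefix and a sign.
    return int(line.split(b";", 1)[0], 16)

def strict_chunk_size(line: bytes) -> int:
    size, _, ext = line.partition(b";")
    if not _HEX.fullmatch(size):
        raise ValueError("chunk size must be hex digits only")
    if _BAD_EXT.search(ext):
        raise ValueError("illegal byte in chunk extension")
    return int(size, 16)

def lenient_header_value(raw: bytes) -> bytes:
    # strip() with no argument also removes \x0b, \x0c, \r and \n.
    return raw.strip()

def strict_header_value(raw: bytes) -> bytes:
    # Optional whitespace around a field value is SP and HTAB only.
    return raw.strip(b" \t")

def accepts(parser, raw: bytes) -> bool:
    try:
        parser(raw)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed inputs: each is accepted leniently, rejected strictly.
    for raw in (b"+5", b"5\n", b"5_0"):
        print(raw, accepts(lenient_content_length, raw), accepts(strict_content_length, raw))
    for raw in (b"0x10", b"+a", b"1a;na\x00me"):
        print(raw, accepts(lenient_chunk_size, raw), accepts(strict_chunk_size, raw))
```

A value the strict parser rejects should end the request with an error rather than being normalised and passed on.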