-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 05 May 2022 09:59:26 -0400 Source: twisted Binary: python3-twisted twisted-doc Architecture: all Version: 20.3.0-7+deb11u1 Distribution: bullseye Urgency: medium Maintainer: all Build Daemon (x86-grnet-02) Changed-By: Stefano Rivera Description: python3-twisted - Event-based framework for internet applications twisted-doc - Official documentation of Twisted Changes: twisted (20.3.0-7+deb11u1) bullseye; urgency=medium . * Team upload. * CVE-2022-21712: Information disclosure results in leaking of HTTP cookie and authorization headers when following cross origin redirects - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are removed when forming requests, in src/twisted/web/client.py, src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py. - Thanks Canonical for backporting the patches. * CVE-2022-21716: Parsing of SSH version identifier field during an SSH handshake can result in a denial of service when excessively large packets are received - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received handshake buffer is checked, prior to processing version string in src/twisted/conch/ssh/transport.py and src/twisted/conch/test/test_transport.py - Thanks Canonical for backporting the patches. * CVE-2022-24801: Correct several defects in HTTP request parsing that could permit HTTP request smuggling: disallow signed Content-Length headers, forbid illegal characters in chunked extensions, forbid 0x prefix to chunk lengths, and only strip space and horizontal tab from header values. - debian/patches/CVE-2022-24801-*.patch * Patch: remove spurious test for illegal whitespace in xmlns, to allow tests to pass, again. Checksums-Sha1: 618a21267ecb6c4e9caef2f9cedfb7e02146bdb5 1965648 python3-twisted_20.3.0-7+deb11u1_all.deb 08b35fe1215ac567f48e93fbc0ca865022a7fb38 1124672 twisted-doc_20.3.0-7+deb11u1_all.deb 923966027b9325a0d0d8cdfd3afae638b949e7d8 8348 twisted_20.3.0-7+deb11u1_all-buildd.buildinfo Checksums-Sha256: 2b70729e29cbaefc62ddf9b7a5cca3be6363aacd1df4e7a1515c3f2199701669 1965648 python3-twisted_20.3.0-7+deb11u1_all.deb 41ac3861e325b8022a6ea3c286ab4d5e29d4ee337b3b3d297fc4eb5286851c47 1124672 twisted-doc_20.3.0-7+deb11u1_all.deb b6e3be828b592ea1f9b23b149ba1eafb612d8d72f66f2fe59167cbdc3d0e0ef9 8348 twisted_20.3.0-7+deb11u1_all-buildd.buildinfo Files: a989d3ffd19d47940d7b9a3875094a30 1965648 python optional python3-twisted_20.3.0-7+deb11u1_all.deb d31a62948e917a1a6d2a2676352f70bb 1124672 doc optional twisted-doc_20.3.0-7+deb11u1_all.deb a97456de812b4065c1f2e094be798371 8348 python optional twisted_20.3.0-7+deb11u1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfA7dsu0ZDzzHaw+5NX/smi6DkKgFAmKAG3EACgkQNX/smi6D kKj5wA/8CvojliFl7nE7aU6SNAoW7CMJpIVHfr7/aQbRai9TwMtknnEm0GxhUUN2 Sh8ntOmiHKnLmgH/aKU32uJoOwMWRGrc2ReS9A1kZ8eFqTw11VtUl3Jj/zfQuYtB a5CwORkEfenQRA7i+E+RFrdiy1WfAKjajTfRTtGFwZAr2cmKAwyTFYL74hLU96Ja cdxB9zz/q29xho2EfEqWFweJq+5oHBrGDXxSpUIktqpNrQC0ZgaewgBfjPQNHlxI F1ij1Air9EpUt4bLBaw1K8KGqCtig9MJnxINEaO9f5J5rw4LFH7mPuDy4SLiLUyh G99hVYh2hCeBv8DTJHIsKiwSLnj1fucd0NAOqtIbPzQlR3KlG/CDp0FkdK0uo7jW wqS3O3I3pwCJmJ9zxXfIN4S4mxd7SZWCaF6X8ZVj9tVjkKE2BUQyGo8KE/ylRBma 6pXz1QNebS4s4BtcZI+HQ+J+FOwPnSsyby7MS1hj9+M+IKmhyrDjckily8ctci9X 9C0VBGqkAAPrUR9/S+A/Gs1p8DDiLBS6XD6jTwg3pOUA3hxTIqgNJMhnEnfVuHpJ E3yvYU1dRvVdRsMu2sbuxzgw9EnZwbBpFKEJsmtT6bsxsqF1V3fJ+EP3Vc1ygdUU 3ifL16MMi9hSBhg29xqC43clCA5gO4BTGhpb4FxtjK2kdv9/elQ= =c6it -----END PGP SIGNATURE-----