Format: 1.8
Date: Thu, 05 May 2022 09:59:26 -0400
Source: twisted
Binary: python3-twisted-bin python3-twisted-bin-dbg
Architecture: amd64
Version: 20.3.0-7+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-csail-01)
Changed-By: Stefano Rivera
Description:
 python3-twisted-bin - Event-based framework for internet applications
 python3-twisted-bin-dbg - Event-based framework for internet applications (debug extension)
Changes:
 twisted (20.3.0-7+deb11u1) bullseye; urgency=medium
 .
   * Team upload.
   * CVE-2022-21712: Information disclosure results in leaking of HTTP cookie
     and authorization headers when following cross origin redirects
     - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers
       are removed when forming requests, in src/twisted/web/client.py,
       src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py.
     - Thanks Canonical for backporting the patches.
   * CVE-2022-21716: Parsing of SSH version identifier field during an SSH
     handshake can result in a denial of service when excessively large
     packets are received
     - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
       handshake buffer is checked, prior to processing version string in
       src/twisted/conch/ssh/transport.py and
       src/twisted/conch/test/test_transport.py
     - Thanks Canonical for backporting the patches.
   * CVE-2022-24801: Correct several defects in HTTP request parsing that
     could permit HTTP request smuggling: disallow signed Content-Length
     headers, forbid illegal characters in chunked extensions, forbid 0x
     prefix to chunk lengths, and only strip space and horizontal tab from
     header values.
     - debian/patches/CVE-2022-24801-*.patch
   * Patch: remove spurious test for illegal whitespace in xmlns, to allow
     tests to pass, again.