-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 05 May 2022 09:59:26 -0400 Source: twisted Binary: python3-twisted-bin python3-twisted-bin-dbg Architecture: arm64 Version: 20.3.0-7+deb11u1 Distribution: bullseye Urgency: medium Maintainer: arm Build Daemon (arm-ubc-02) Changed-By: Stefano Rivera Description: python3-twisted-bin - Event-based framework for internet applications python3-twisted-bin-dbg - Event-based framework for internet applications (debug extension) Changes: twisted (20.3.0-7+deb11u1) bullseye; urgency=medium . * Team upload. * CVE-2022-21712: Information disclosure results in leaking of HTTP cookie and authorization headers when following cross origin redirects - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are removed when forming requests, in src/twisted/web/client.py, src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py. - Thanks Canonical for backporting the patches. * CVE-2022-21716: Parsing of SSH version identifier field during an SSH handshake can result in a denial of service when excessively large packets are received - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received handshake buffer is checked, prior to processing version string in src/twisted/conch/ssh/transport.py and src/twisted/conch/test/test_transport.py - Thanks Canonical for backporting the patches. * CVE-2022-24801: Correct several defects in HTTP request parsing that could permit HTTP request smuggling: disallow signed Content-Length headers, forbid illegal characters in chunked extensions, forbid 0x prefix to chunk lengths, and only strip space and horizontal tab from header values. - debian/patches/CVE-2022-24801-*.patch * Patch: remove spurious test for illegal whitespace in xmlns, to allow tests to pass, again. Checksums-Sha1: 0a0d863d9f260ca8f376ffc97217cd255e873038 66592 python3-twisted-bin-dbg_20.3.0-7+deb11u1_arm64.deb 7825dbe612e9f0849c3be9f1b1c48d4109737cb1 22420 python3-twisted-bin_20.3.0-7+deb11u1_arm64.deb a14aaa987f23a8c1e279574035bfeaecd3ca2ad6 7592 twisted_20.3.0-7+deb11u1_arm64-buildd.buildinfo Checksums-Sha256: 603243125a7853fd1d190bdb2b530726e2982bd04ce67e09bf41d5231171b6e5 66592 python3-twisted-bin-dbg_20.3.0-7+deb11u1_arm64.deb 620a05e954deea79e853864353e06ca68d8771b538a5033ebebd8617bff7e997 22420 python3-twisted-bin_20.3.0-7+deb11u1_arm64.deb bba975766df7c0ad442be79f9149fdc435d1c783610325e1c5d2bf38e68915fa 7592 twisted_20.3.0-7+deb11u1_arm64-buildd.buildinfo Files: 987c39e8a1623b50a91b62a9593cb04a 66592 debug optional python3-twisted-bin-dbg_20.3.0-7+deb11u1_arm64.deb 31bbf4b11bc904f7e7b23b83e1a9bd11 22420 python optional python3-twisted-bin_20.3.0-7+deb11u1_arm64.deb 5e2ecdd4854bd8862807271e06169e92 7592 python optional twisted_20.3.0-7+deb11u1_arm64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEk6cQMJtJmFPeb+VMFbDY0NpL5FYFAmKAHGQACgkQFbDY0NpL 5FasPw//VdJd5A/19r+DwWiPHPR9y+g2M0hO3bB6w+ZB/QnCNv1kJyFoLpBMuiza sEtjh4+qDSu8/KFsiQOFz6kS2elD5O5BFkU9FQuT1cX5Jxm+7PYw9PpHzXyCLoVC 7Pp+Bf11DAgVUyZhYbQRiLcWPdbUnUQnOhXPOkBVIfD2JIYlAK3gjHpxfGb8kyaz yXDGlI3XxT43NRP8GRZ7wJ7GeGrMOoX5mOHEz6ZWCa/+6ZwDGqzxKvuv5i9dGNUo uvYPp0Bzit0HAmw5jFpyxvER7KTDa8WuW7OSam9cKjDsfEkiwP1DXczSFxLTi0YX nkcpu1OGs4L6AZjXCYZk8WHvZDi8AzEQhdpt7brwoDVaFrpImFsxpS99WTk0th+E 6gOs8VDd/nba6fpcMbig16s6RmDVbgKDxUE3SuYdneMfmoXDc5jSoATrpLVvrEgX wOkrSlSiFnuKkmabHqqLq7RqpiskD9+1VVMySWn0hHYBV9TUn7YxYXqcssvhsJYM FCNUnVDe3byyyTChX2+YWEu/a6POWyKaLFXmXrlhEJXXjTvGIdONGvaBe+fJhWV1 mUizK2/8DYugKDAypDOfjg1wS5efH8P2ow7JPT0jjnckxPac39xa0udEBG2l0Mdc TyIbsNLXa1bLJ4YpmNfrMUFui60/pD773fpY/0v97G8Xu7vNwhI= =9SmK -----END PGP SIGNATURE-----