-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 05 May 2022 09:59:26 -0400
Source: twisted
Binary: python3-twisted-bin python3-twisted-bin-dbg
Architecture: armel
Version: 20.3.0-7+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-05)
Changed-By: Stefano Rivera
Description:
 python3-twisted-bin - Event-based framework for internet applications
 python3-twisted-bin-dbg - Event-based framework for internet applications (debug extension)
Changes:
 twisted (20.3.0-7+deb11u1) bullseye; urgency=medium
 .
   * Team upload.
   * CVE-2022-21712: Information disclosure results in leaking of HTTP cookie
     and authorization headers when following cross origin redirects
     - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers
       are removed when forming requests, in src/twisted/web/client.py,
       src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py.
     - Thanks Canonical for backporting the patches.
   * CVE-2022-21716: Parsing of SSH version identifier field during an SSH
     handshake can result in a denial of service when excessively large
     packets are received
     - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
       handshake buffer is checked, prior to processing version string in
       src/twisted/conch/ssh/transport.py and
       src/twisted/conch/test/test_transport.py
     - Thanks Canonical for backporting the patches.
   * CVE-2022-24801: Correct several defects in HTTP request parsing that
     could permit HTTP request smuggling: disallow signed Content-Length
     headers, forbid illegal characters in chunked extensions, forbid 0x
     prefix to chunk lengths, and only strip space and horizontal tab from
     header values.
     - debian/patches/CVE-2022-24801-*.patch
   * Patch: remove spurious test for illegal whitespace in xmlns, to allow
     tests to pass, again.