Format: 1.8
Date: Thu, 05 May 2022 09:59:26 -0400
Source: twisted
Binary: python3-twisted-bin python3-twisted-bin-dbg
Architecture: armhf
Version: 20.3.0-7+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-03)
Changed-By: Stefano Rivera
Description:
 python3-twisted-bin - Event-based framework for internet applications
 python3-twisted-bin-dbg - Event-based framework for internet applications (debug extension)
Changes:
 twisted (20.3.0-7+deb11u1) bullseye; urgency=medium
 .
   * Team upload.
   * CVE-2022-21712: Information disclosure results in leaking of HTTP cookie
     and authorization headers when following cross origin redirects
     - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers
       are removed when forming requests, in src/twisted/web/client.py,
       src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py.
     - Thanks Canonical for backporting the patches.
   * CVE-2022-21716: Parsing of SSH version identifier field during an SSH
     handshake can result in a denial of service when excessively large
     packets are received
     - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
       handshake buffer is checked, prior to processing version string in
       src/twisted/conch/ssh/transport.py and
       src/twisted/conch/test/test_transport.py
     - Thanks Canonical for backporting the patches.
   * CVE-2022-24801: Correct several defects in HTTP request parsing that
     could permit HTTP request smuggling: disallow signed Content-Length
     headers, forbid illegal characters in chunked extensions, forbid 0x
     prefix to chunk lengths, and only strip space and horizontal tab from
     header values.
     - debian/patches/CVE-2022-24801-*.patch
   * Patch: remove spurious test for illegal whitespace in xmlns, to allow
     tests to pass, again.
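The four request-parsing rules listed under CVE-2022-24801 above, shown as an added Python illustration. This is not the Debian patch or Twisted's own code; the function names are hypothetical, and reading "illegal characters" as control bytes other than horizontal tab is an assumption.

```python
import re

# Added illustration of the strict-parsing rules in the CVE-2022-24801
# changelog entry. Not Twisted's code; every name here is hypothetical.
_DIGITS = re.compile(rb"[0-9]+")
_HEX = re.compile(rb"[0-9A-Fa-f]+")
# Assumption: "illegal" means control bytes other than horizontal tab.
_CTL = re.compile(rb"[\x00-\x08\x0a-\x1f\x7f]")


def strip_header_value(raw: bytes) -> bytes:
    # Trim only SP and HTAB. bytes.strip() with no argument would also
    # drop VT, FF, CR and LF, which another hop may treat as data.
    return raw.strip(b" \t")


def parse_content_length(raw: bytes) -> int:
    # Digits only. int() by itself accepts b"+5" and returns 5, so a
    # lenient parser and a strict proxy can disagree on the body length.
    value = strip_header_value(raw)
    if not _DIGITS.fullmatch(value):
        raise ValueError("invalid Content-Length: %r" % (raw,))
    return int(value)


def parse_chunk_header(line: bytes) -> int:
    # Parse "size[;extension]" from a chunk header line without its CRLF.
    size, _, extension = line.partition(b";")
    # Bare hex digits only: rejects b"0x1f", b"+1f", b"-1f", b" 1f", b"".
    if not _HEX.fullmatch(size):
        raise ValueError("invalid chunk size: %r" % (size,))
    if _CTL.search(extension):
        raise ValueError("illegal byte in chunk extension")
    return int(size, 16)
```

Each rule closes a case where two HTTP parsers in a chain could frame the same bytes differently, which is the precondition for request smuggling.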