Format: 1.8
Date: Thu, 05 May 2022 09:59:26 -0400
Source: twisted
Binary: python3-twisted-bin python3-twisted-bin-dbg
Architecture: i386
Version: 20.3.0-7+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-csail-01)
Changed-By: Stefano Rivera
Description:
 python3-twisted-bin - Event-based framework for internet applications
 python3-twisted-bin-dbg - Event-based framework for internet applications (debug extension)
Changes:
 twisted (20.3.0-7+deb11u1) bullseye; urgency=medium
 .
   * Team upload.
   * CVE-2022-21712: Information disclosure results in leaking of HTTP cookie
     and authorization headers when following cross origin redirects
     - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers
       are removed when forming requests, in src/twisted/web/client.py,
       src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py.
     - Thanks Canonical for backporting the patches.
   * CVE-2022-21716: Parsing of SSH version identifier field during an SSH
     handshake can result in a denial of service when excessively large
     packets are received
     - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
       handshake buffer is checked, prior to processing version string in
       src/twisted/conch/ssh/transport.py and
       src/twisted/conch/test/test_transport.py
     - Thanks Canonical for backporting the patches.
   * CVE-2022-24801: Correct several defects in HTTP request parsing that
     could permit HTTP request smuggling: disallow signed Content-Length
     headers, forbid illegal characters in chunked extensions, forbid 0x
     prefix to chunk lengths, and only strip space and horizontal tab from
     header values.
     - debian/patches/CVE-2022-24801-*.patch
   * Patch: remove spurious test for illegal whitespace in xmlns, to allow
     tests to pass, again.