-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 05 May 2022 09:59:26 -0400 Source: twisted Binary: python3-twisted-bin python3-twisted-bin-dbg Architecture: mips64el Version: 20.3.0-7+deb11u1 Distribution: bullseye Urgency: medium Maintainer: mips64el Build Daemon (mipsel-osuosl-02) Changed-By: Stefano Rivera Description: python3-twisted-bin - Event-based framework for internet applications python3-twisted-bin-dbg - Event-based framework for internet applications (debug extension) Changes: twisted (20.3.0-7+deb11u1) bullseye; urgency=medium . * Team upload. * CVE-2022-21712: Information disclosure results in leaking of HTTP cookie and authorization headers when following cross origin redirects - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are removed when forming requests, in src/twisted/web/client.py, src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py. - Thanks Canonical for backporting the patches. * CVE-2022-21716: Parsing of SSH version identifier field during an SSH handshake can result in a denial of service when excessively large packets are received - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received handshake buffer is checked, prior to processing version string in src/twisted/conch/ssh/transport.py and src/twisted/conch/test/test_transport.py - Thanks Canonical for backporting the patches. * CVE-2022-24801: Correct several defects in HTTP request parsing that could permit HTTP request smuggling: disallow signed Content-Length headers, forbid illegal characters in chunked extensions, forbid 0x prefix to chunk lengths, and only strip space and horizontal tab from header values. - debian/patches/CVE-2022-24801-*.patch * Patch: remove spurious test for illegal whitespace in xmlns, to allow tests to pass, again. Checksums-Sha1: 47962dccde521ca90a4b6806e46b80c820902ee5 67908 python3-twisted-bin-dbg_20.3.0-7+deb11u1_mips64el.deb f965a3fa8bee97d6ca1e3a19076431eed6cfb082 22660 python3-twisted-bin_20.3.0-7+deb11u1_mips64el.deb 737e8e7fae5a1c78e0e66c0b7730d9a59cf93f58 7480 twisted_20.3.0-7+deb11u1_mips64el-buildd.buildinfo Checksums-Sha256: a857ef8e05af133a8176bedd2d797818a540f4e3b11e7ea8032f8c6378f0d171 67908 python3-twisted-bin-dbg_20.3.0-7+deb11u1_mips64el.deb faa0a92be0491aa5554a270d34d564c353351eba4e0ec0f4526d596d841441b8 22660 python3-twisted-bin_20.3.0-7+deb11u1_mips64el.deb a2bd0e2782b8f9af32a73f26d50ecc4317706bdc10e73f731903e2415d49d1a7 7480 twisted_20.3.0-7+deb11u1_mips64el-buildd.buildinfo Files: 5a56794c302f0becae4217402212cb95 67908 debug optional python3-twisted-bin-dbg_20.3.0-7+deb11u1_mips64el.deb dce95b20dc4b2295794ecadec956d413 22660 python optional python3-twisted-bin_20.3.0-7+deb11u1_mips64el.deb 6ff85daf29726070ef9e372569384557 7480 python optional twisted_20.3.0-7+deb11u1_mips64el-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE3MoVZ9ZwC61enleHma0LVKlb6LIFAmKAHhEACgkQma0LVKlb 6LIUChAAseqZPuxTGMNWt+bSWA58AmzIIH0eHsmk9ESm/SM5RFvazWMS19o/gZrD uVx9xTyn2oEg5fNKZAZw44fyHoei2J6eUJWstHEApdBPkYH5ZyrUE8RNySyliI2i B+ZfqETQSky0s458jQx4iJL6sK628+HrnAe7h1YpmvNMtqbAk9f2l19b9feVXS6Y hzy9kud3DGffYv1iHP4xL5uuwqhE1/zWq3Uaogq1hS9Uo64tPij10OEOOwo/6dc/ 6fO0KcscDoJqJH+gTDn8w0ws0fGW9jNTJg7MSfVSk7EdfmhBjSxHa6G+xF8qWFc/ boSaRPqR+DvakLVFsRQXUtDs8G20CUGrADCRhoyDWzUwv2GaYv5Jdm2SKuyj8ZS2 j+5Sp0dqB+QBd6m1otejalUz9Qv30y/cwfcAP4r0Euzz4PojaUyq4dTh6uGV4f1n 9c1CzmM3YPo2cKfom3qGJIJmV/kKaFN9M3qnDuxhRIu1PTNzarHa+94DbR6eaCXO YOOEe/infd0HNkdf1WKUo+6fErd/39kqNez+lZhoZnkXZamkndgOFJyklAVA46Y3 gxy/CdxHr68jYuzQfnpGjLBWwv9UKG1hd0Mu/upX3/YVYbgCIGQ7jfdGwjT0YtSN eqp6DnmmgmAsO+l7xoBUfGWQ+m8SUOOhpTTqcnLCJJkMu5pSXYg= =BlBl -----END PGP SIGNATURE-----