-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 05 May 2022 09:59:26 -0400 Source: twisted Binary: python3-twisted-bin python3-twisted-bin-dbg Architecture: mipsel Version: 20.3.0-7+deb11u1 Distribution: bullseye Urgency: medium Maintainer: mipsel Build Daemon (mipsel-osuosl-05) Changed-By: Stefano Rivera Description: python3-twisted-bin - Event-based framework for internet applications python3-twisted-bin-dbg - Event-based framework for internet applications (debug extension) Changes: twisted (20.3.0-7+deb11u1) bullseye; urgency=medium . * Team upload. * CVE-2022-21712: Information disclosure results in leaking of HTTP cookie and authorization headers when following cross origin redirects - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are removed when forming requests, in src/twisted/web/client.py, src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py. - Thanks Canonical for backporting the patches. * CVE-2022-21716: Parsing of SSH version identifier field during an SSH handshake can result in a denial of service when excessively large packets are received - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received handshake buffer is checked, prior to processing version string in src/twisted/conch/ssh/transport.py and src/twisted/conch/test/test_transport.py - Thanks Canonical for backporting the patches. * CVE-2022-24801: Correct several defects in HTTP request parsing that could permit HTTP request smuggling: disallow signed Content-Length headers, forbid illegal characters in chunked extensions, forbid 0x prefix to chunk lengths, and only strip space and horizontal tab from header values. - debian/patches/CVE-2022-24801-*.patch * Patch: remove spurious test for illegal whitespace in xmlns, to allow tests to pass, again. Checksums-Sha1: 63615f459093859680cd1c8ddbb8b5aefd133bd3 63996 python3-twisted-bin-dbg_20.3.0-7+deb11u1_mipsel.deb 9a407b1132be29757bf1339495937f94b4313032 22620 python3-twisted-bin_20.3.0-7+deb11u1_mipsel.deb 2c85f2933e32a5c6de93396272e3cabd801d634e 7479 twisted_20.3.0-7+deb11u1_mipsel-buildd.buildinfo Checksums-Sha256: d97359e750b1f4b99540636a5e48c591588169a60f174f22d73a2aee33323da0 63996 python3-twisted-bin-dbg_20.3.0-7+deb11u1_mipsel.deb c6c6e22244d4d890465111283fd30916033c54da2c23eb36bd02b1095323e5bb 22620 python3-twisted-bin_20.3.0-7+deb11u1_mipsel.deb f56df5ee33ba6f01ad53603e7dd5c2672a8be482e30386dfecfdc5c5637c7d1e 7479 twisted_20.3.0-7+deb11u1_mipsel-buildd.buildinfo Files: cd0a723dc07a4b7f01607ad0f81c4ab2 63996 debug optional python3-twisted-bin-dbg_20.3.0-7+deb11u1_mipsel.deb 72e539d8da4643eaf0c5e38631365cf7 22620 python optional python3-twisted-bin_20.3.0-7+deb11u1_mipsel.deb 6f015f8cc0c81d45d45e0af63e2ca0e2 7479 python optional twisted_20.3.0-7+deb11u1_mipsel-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEB/LZjIxKoy4YPfehZlR40KOuoLkFAmJ/zPgACgkQZlR40KOu oLl/1w//fKt9c/O5KEMmYMiMBNo8+TBIAzTVsxRDpz7dCavfer5vyA7ujQcznCsR 8OIF2XMb9GHHrZ48P37LXG7bkO8CooHaZzhCauUBH5DsP4QyLzx+D3CIZOpWkgvA DN9So9rNwKK0tSQ+OPf/XMq00gKVPkr0m5WDRSAZJQBDR3m3ckEiST5vErTlDQYn 4Z0ZgF97lwdwmtbVfDQpEiXKygsCkknMuapLMt6Dh30A9hdzQZjMSsnFrh6OTLHc y/n74YvQo2Lv4Emy8ARJZ+6kxc4vndkWP26PbfIDgjKoRRpv2Qru5dM8gnaXdQK6 21jdx5OH1EWwJYU1/uPgKPQIHDyH4G4ize3g/ln5I9wrFuTOZKkzPTLNi9DrWlfK E6gQITB6/VEIalwiH5T3VU19qjuHsAeCJ9BF3xxXCUWhbQvMtyx/Bfg/Atz9Zq1M dRoAbKk0ukKs9yJGzXHT5qbHwaBv2jLVjeZUg3w/IkXFSnhwiszBklhFDNLMR649 wZ+DQyL1o/y0et1hc/YWufMH5woa4WBUThA2WA4o5DmziWrIm66wN6QgktiXEw1L K+uXMO2H/7rqV5RFJ97KcXI08IttjRcPZ2gC1dtwngOvGulTufdthuFv8m2izcd+ GBnd2WBujgdg8AAGGyVLM6MnMUt7rJ0vS31e0PpraJbUSj/90IU= =zVja -----END PGP SIGNATURE-----