-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 05 May 2022 09:59:26 -0400 Source: twisted Binary: python3-twisted-bin python3-twisted-bin-dbg Architecture: ppc64el Version: 20.3.0-7+deb11u1 Distribution: bullseye Urgency: medium Maintainer: ppc64el Build Daemon (ppc64el-unicamp-01) Changed-By: Stefano Rivera Description: python3-twisted-bin - Event-based framework for internet applications python3-twisted-bin-dbg - Event-based framework for internet applications (debug extension) Changes: twisted (20.3.0-7+deb11u1) bullseye; urgency=medium . * Team upload. * CVE-2022-21712: Information disclosure results in leaking of HTTP cookie and authorization headers when following cross origin redirects - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are removed when forming requests, in src/twisted/web/client.py, src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py. - Thanks Canonical for backporting the patches. * CVE-2022-21716: Parsing of SSH version identifier field during an SSH handshake can result in a denial of service when excessively large packets are received - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received handshake buffer is checked, prior to processing version string in src/twisted/conch/ssh/transport.py and src/twisted/conch/test/test_transport.py - Thanks Canonical for backporting the patches. * CVE-2022-24801: Correct several defects in HTTP request parsing that could permit HTTP request smuggling: disallow signed Content-Length headers, forbid illegal characters in chunked extensions, forbid 0x prefix to chunk lengths, and only strip space and horizontal tab from header values. - debian/patches/CVE-2022-24801-*.patch * Patch: remove spurious test for illegal whitespace in xmlns, to allow tests to pass, again. Checksums-Sha1: 8eb906ebea08d89ad625bdf00183cde3fd95965f 68896 python3-twisted-bin-dbg_20.3.0-7+deb11u1_ppc64el.deb 4ceec5f4412203e07afee796ecf90ba5b215a0bf 23608 python3-twisted-bin_20.3.0-7+deb11u1_ppc64el.deb 571b8bdffd746a077972914063b3ade0de197b30 7640 twisted_20.3.0-7+deb11u1_ppc64el-buildd.buildinfo Checksums-Sha256: 0258c0f01e9d114f60bee50883657e2762e5d6128f4ee1d5f8c5e69fa89f8551 68896 python3-twisted-bin-dbg_20.3.0-7+deb11u1_ppc64el.deb a3ad3d99091ba27c3e0ee04bdc8e95491d9d31c7ed578b613a968ed01dff4d18 23608 python3-twisted-bin_20.3.0-7+deb11u1_ppc64el.deb 880a3a25f13be438301adc3df4e9ef90e4b42faed0cb8be2712b67f7cd6ab449 7640 twisted_20.3.0-7+deb11u1_ppc64el-buildd.buildinfo Files: d02a26ca16ca5d08e93dce4b1e43370a 68896 debug optional python3-twisted-bin-dbg_20.3.0-7+deb11u1_ppc64el.deb 2752d5fb3069b4d3974f5b9cb57a3ff8 23608 python optional python3-twisted-bin_20.3.0-7+deb11u1_ppc64el.deb f5a69711976a1ec37ea73992b901aaca 7640 python optional twisted_20.3.0-7+deb11u1_ppc64el-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEM6ceAMELlsCX7atTQTdFj1F/eVQFAmJ/2DcACgkQQTdFj1F/ eVRcGw//ZgrTWctSzfNhwNwDHnvLJpKs0ga34JZyS/W7GP6/gMZSIYLMhG1gK370 oAFcHybuC7NsFvxlYxPxFRMuJTxnhqvyYPcRaGLUuNceiYYwSQbmniQu65jdbFvz PAX3+jZvebQCWVnCsAOvd6Qk/Yw7NTyjyXR0JTWGKvJU0jbOaaFvgHLtr+tUYmiW avS+3GPiJmHBF1sPt949jObKLe1JzZ1xxcUiM7VrxcBt0s3ja8dg33Sk3T9BhE2+ GiSZNDK3x7jIF2kdEujFRTClchKU47KqFt5rLhhFfmzROFeuZH2sVaUmm1+u5sHQ QzGa9FJ6dTyY9Ci7XycSRuxXMNqxPQRh6OeaurPwqjTS0JrnfxmIff8yLG6Oa9hI Hhaq3KGHVK+Qw1fViahHp5IPcAu0uMPdJpb6fdHkmkhasgs3LpnAZrxQzV1/R0AN CGuzNFZPcPEs7apBwXCm3sWnBmGJAs/AUyWjPHVkTLIIBWtyesQZAB7Aziw954dP TdvCaGnlq7eElHsSplhgcyQxGnnGTJD940+zr6kDWR1zY6f5EBuu59aQ07dSc0ue dQnQ+M1QttMZKYOxaJVD9Xf4nZAAXh/KXSAXoNNWEYrE3dgd2iclnTp+dVka2+OG SOHQWJZYXyXiSQDqhczG/o4C3IsyUrUKY7zuOJKcI1wXp8aKeac= =mVAQ -----END PGP SIGNATURE-----