-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 05 May 2022 09:59:26 -0400 Source: twisted Binary: python3-twisted-bin python3-twisted-bin-dbg Architecture: s390x Version: 20.3.0-7+deb11u1 Distribution: bullseye Urgency: medium Maintainer: s390x Build Daemon (zandonai) Changed-By: Stefano Rivera Description: python3-twisted-bin - Event-based framework for internet applications python3-twisted-bin-dbg - Event-based framework for internet applications (debug extension) Changes: twisted (20.3.0-7+deb11u1) bullseye; urgency=medium . * Team upload. * CVE-2022-21712: Information disclosure results in leaking of HTTP cookie and authorization headers when following cross origin redirects - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are removed when forming requests, in src/twisted/web/client.py, src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py. - Thanks Canonical for backporting the patches. * CVE-2022-21716: Parsing of SSH version identifier field during an SSH handshake can result in a denial of service when excessively large packets are received - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received handshake buffer is checked, prior to processing version string in src/twisted/conch/ssh/transport.py and src/twisted/conch/test/test_transport.py - Thanks Canonical for backporting the patches. * CVE-2022-24801: Correct several defects in HTTP request parsing that could permit HTTP request smuggling: disallow signed Content-Length headers, forbid illegal characters in chunked extensions, forbid 0x prefix to chunk lengths, and only strip space and horizontal tab from header values. - debian/patches/CVE-2022-24801-*.patch * Patch: remove spurious test for illegal whitespace in xmlns, to allow tests to pass, again. Checksums-Sha1: 559110140f0e21d6ca6f49657b9e3f006ddc2546 66432 python3-twisted-bin-dbg_20.3.0-7+deb11u1_s390x.deb 42ea6b871e1333fef8e850c267d3915f2fcae4ae 22616 python3-twisted-bin_20.3.0-7+deb11u1_s390x.deb a09b98fc5ed3a953dab183b36e83c3460019169a 7542 twisted_20.3.0-7+deb11u1_s390x-buildd.buildinfo Checksums-Sha256: 6d59ed85f68f3919c7f8589be52637220d9927e5a57c7e2896179fcbbccc5dae 66432 python3-twisted-bin-dbg_20.3.0-7+deb11u1_s390x.deb 847e188f6c9d7af6c2a959ef1eee64e4053696de53b74a578e0f41eba96dbaa0 22616 python3-twisted-bin_20.3.0-7+deb11u1_s390x.deb d4bf8e349e918a09134a010157529c8ddb478e0c221bfb4826d145413f4410f8 7542 twisted_20.3.0-7+deb11u1_s390x-buildd.buildinfo Files: f6ea18c5aedb20bf0d3711bb83a8297d 66432 debug optional python3-twisted-bin-dbg_20.3.0-7+deb11u1_s390x.deb 373f26a851398b50c44b65a12af278c7 22616 python optional python3-twisted-bin_20.3.0-7+deb11u1_s390x.deb fde0123c04e76e94f5bbc73eeb6d8801 7542 python optional twisted_20.3.0-7+deb11u1_s390x-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEEwflLi3dfm21PN8mA0zNy/MAOYMFAmJ/zyQACgkQA0zNy/MA OYPiyRAAgZ5ks/6FG6x0YUUXKIyXJGfE/ZzMSkvQD+c1F4XkWGTojFMsYzCUbsW9 9TlEt+agD/mJgp340jHtoAcSNDtRWfLMWrUCFNBt7sMa3HAOgHVz2eT8qHdkH2XJ 0M9EUaOkU3OUIK62PAuAEGL9WHATENOO6HERx+QvBrJ7EcAdDgG3mEqv2VOwzbBd e/EvBt5Ml2dcboPNASTj7R1rn6NSkwrNaKiUAlR1mu+JsAMzQA0VfrrQUpQgrPz0 Q68S9Olzmx39NdrpsOXr5gPnDeIKVmLJdAA/2vSNxSsLCw+fS3B+JuGhbBWHVosF HXH2fAjujCoWDSb0Iof7HuYUaoeJkY/48mZXW8NZYciAkCk6jsF/p7RvG7HlThl8 Oqd6bIxXrctZWnlkrza6Nax1lm/dfXCR7NUW9JTFKWoIEMPehG9yZ7330ouZMHaw g8HNNX/bDbZtUDOEydOPKUN8RTT8PzitUs3rpx2ZDdIAwP77BfRj9PX93yFtSgN0 Ogt7JQmsFcpmZv/8B+mhcj0ExaJW2+1j4zfUDynxZd5FNLzflXASs9xsvEm4EgP0 g2oVN6MEUahhKIkgj2SLLUiSwKpyvL9NzwPEbmI4MKBQz+LIB1+Md2HRFpfvIsZC 7YDZo9KubTUvcos6DR+2sXI20veRXNGIaCmymv8Xc0oQaBeZ0kY= =aPxo -----END PGP SIGNATURE-----