Back to twisted PTS page

Accepted twisted 18.9.0-7 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted twisted 18.9.0-7 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 23 Mar 2020 20:57:24 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1jGU8S-000GyK-5q@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 23 Mar 2020 20:49:21 +0100
Source: twisted
Architecture: source
Version: 18.9.0-7
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Andrej Shadura <andrewsh@debian.org>
Closes: 930389 930626 948560 953950
Changes:
 twisted (18.9.0-7) unstable; urgency=medium
 .
   [ Marc Deslauriers ]
   * SECURITY UPDATE: incorrect URI and HTTP method validation
     - debian/patches/CVE-2019-12387.patch: prevent CRLF injections in
       src/twisted/web/_newclient.py, src/twisted/web/client.py,
       src/twisted/web/test/injectionhelpers.py,
       src/twisted/web/test/test_agent.py,
       src/twisted/web/test/test_webclient.py.
     - CVE-2019-12387
     - Closes: #930389
   * SECURITY UPDATE: incorrect cert validation in XMPP support
     - debian/patches/CVE-2019-12855-*.patch: upstream patches to implement
       certificate checking.
     - CVE-2019-12855
     - Closes: #930626
   * SECURITY UPDATE: HTTP/2 denial of service issues
     - debian/patches/CVE-2019-951x.patch: buffer outbound control frames
       and timeout invalid clients in src/twisted/web/_http2.py,
       src/twisted/web/error.py, src/twisted/web/http.py,
       src/twisted/web/test/test_http.py,
       src/twisted/web/test/test_http2.py.
     - CVE-2019-9511
     - CVE-2019-9514
     - CVE-2019-9515
   * SECURITY UPDATE: request smuggling attacks
     - debian/patches/CVE-2020-1010x-pre1.patch: refactor to reduce
       duplication in src/twisted/web/test/test_http.py.
     - debian/patches/CVE-2020-1010x.patch: fix several request smuggling
       attacks in src/twisted/web/http.py,
       src/twisted/web/test/test_http.py.
     - CVE-2020-10108
     - CVE-2020-10109
     - Closes: #953950
 .
   [ Emmanuel Arias ]
   * Add patch to fix SyntaxWarning (Closes: #948560).
Checksums-Sha1:
 3c43921a889a3b58ff635de0d4380641452a2d18 3363 twisted_18.9.0-7.dsc
 7e45bebe2aa6dccd1fcdcc3b5d93a21a1395adee 41712 twisted_18.9.0-7.debian.tar.xz
Checksums-Sha256:
 b97af62d2b050c3702f88e603ae488d45618bc3a389ffb0bc8099fb52752d90b 3363 twisted_18.9.0-7.dsc
 fb428c0256ff81fc2e03815e511151a4c6f1fac7c4330b12388e7a466acdb13d 41712 twisted_18.9.0-7.debian.tar.xz
Files:
 09212cffe8e7d2f6acabc567fe2fac02 3363 python optional twisted_18.9.0-7.dsc
 1284d646560c4ca87c8979f893d02859 41712 python optional twisted_18.9.0-7.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAl55EvkACgkQXkCM2RzY
OdKz7Af/Rrni523VhMNJP7r2XieyoYcBDG7wflZQZxvn7xa8N2ZBKmjCsiJRCOEf
9mKMWD/MqkiG7SejeCg9y0F2xWNGEjDuFfpoxoRoCsmyesNfMZS6Cs46wvOZ8kIe
KNAmsTbsU9JJ/KtiJRAgi0dL3zKyI/ir+t3w3TaA1jzO1l563+o3ugP84YwEl13R
gOG/YhkKw1lCalgtm5gBJizXYXno2sA8Ho97GIqCT/mnzwcw/Bz9wglAwpoiiZ11
+YLOzwvcYoXO9iXa3Vm++Jrov/3JWFG86KlSTa5N5+pXej87N1le/UpF5MokWrYA
rCu9SPcPi5uIZC3qeOEEPOic5b3x3A==
=wT0s
-----END PGP SIGNATURE-----