Accepted twisted 20.3.0-7+deb11u1 (source) into proposed-updates->stable-new, proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted twisted 20.3.0-7+deb11u1 (source) into proposed-updates->stable-new, proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 14 May 2022 14:10:30 +0000
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1npsTW-0000jt-Q3@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 05 May 2022 09:59:26 -0400
Source: twisted
Architecture: source
Version: 20.3.0-7+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Stefano Rivera <stefanor@debian.org>
Changes:
 twisted (20.3.0-7+deb11u1) bullseye; urgency=medium
 .
   * Team upload.
   * CVE-2022-21712: Information disclosure results in leaking of HTTP cookie
     and authorization headers when following cross origin redirects
     - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are
       removed when forming requests, in src/twisted/web/client.py,
       src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py.
     - Thanks Canonical for backporting the patches.
   * CVE-2022-21716: Parsing of SSH version identifier field during an SSH
     handshake can result in a denial of service when excessively large packets
     are received
     - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
       handshake buffer is checked, prior to processing version string in
       src/twisted/conch/ssh/transport.py and
       src/twisted/conch/test/test_transport.py
     - Thanks Canonical for backporting the patches.
   * CVE-2022-24801: Correct several defects in HTTP request parsing that could
     permit HTTP request smuggling: disallow signed Content-Length headers,
     forbid illegal characters in chunked extensions, forbid 0x prefix to chunk
     lengths, and only strip space and horizontal tab from header values.
     - debian/patches/CVE-2022-24801-*.patch
   * Patch: remove spurious test for illegal whitespace in xmlns, to allow
     tests to pass, again.
-----BEGIN PGP SIGNATURE-----
iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCYnPchRQcc3RlZmFub3JA
ZGViaWFuLm9yZwAKCRBHew2wJjpU2Pt9AQC4qbmHzaI/nRwJcwoWvhaxH+3MtTIL
oOiQCR80sbENhwD/SzuWTE3rYUqa5o+SFNH3MGsiEyCakOQIdOhpJAtDlAQ=
=iXw5
-----END PGP SIGNATURE-----