Publishing details

Removed from disk on 2020-12-29.
Removal requested on 2020-12-29.
Published on 2020-03-19
Copied from ubuntu eoan in PPA for Ubuntu Security Proposed by Marc Deslauriers

Changelog

twisted (18.9.0-3ubuntu1.1) eoan-security; urgency=medium

  * SECURITY UPDATE: incorrect URI and HTTP method validation
    - debian/patches/CVE-2019-12387.patch: prevent CRLF injections in
      src/twisted/web/_newclient.py, src/twisted/web/client.py,
      src/twisted/web/test/injectionhelpers.py,
      src/twisted/web/test/test_agent.py,
      src/twisted/web/test/test_webclient.py.
    - CVE-2019-12387
  * SECURITY UPDATE: incorrect cert validation in XMPP support
    - debian/patches/CVE-2019-12855-*.patch: upstream patches to implement
      certificate checking.
    - CVE-2019-12855
  * SECURITY UPDATE: HTTP/2 denial of service issues
    - debian/patches/CVE-2019-951x.patch: buffer outbound control frames
      and timeout invalid clients in src/twisted/web/_http2.py,
      src/twisted/web/error.py, src/twisted/web/http.py,
      src/twisted/web/test/test_http.py,
      src/twisted/web/test/test_http2.py.
    - CVE-2019-9512
    - CVE-2019-9514
    - CVE-2019-9515
  * SECURITY UPDATE: request smuggling attacks
    - debian/patches/CVE-2020-1010x-pre1.patch: refactor to reduce
      duplication in src/twisted/web/test/test_http.py.
    - debian/patches/CVE-2020-1010x.patch: fix several request smuggling
      attacks in src/twisted/web/http.py,
      src/twisted/web/test/test_http.py.
    - CVE-2020-10108
    - CVE-2020-10109

 -- Marc Deslauriers <email address hidden>  Mon, 16 Mar 2020 12:51:15 -0400

Available diffs

diff from 18.9.0-3ubuntu1 (in Ubuntu) to 18.9.0-3ubuntu1.1 (23.4 KiB)

Builds

Package files

python-twisted-bin-dbg_18.9.0-3ubuntu1.1_amd64.deb (56.7 KiB)
python-twisted-bin-dbg_18.9.0-3ubuntu1.1_arm64.deb (55.2 KiB)
python-twisted-bin-dbg_18.9.0-3ubuntu1.1_armhf.deb (56.3 KiB)
python-twisted-bin-dbg_18.9.0-3ubuntu1.1_i386.deb (55.3 KiB)
python-twisted-bin-dbg_18.9.0-3ubuntu1.1_ppc64el.deb (56.4 KiB)
python-twisted-bin-dbg_18.9.0-3ubuntu1.1_s390x.deb (59.5 KiB)
python-twisted-bin_18.9.0-3ubuntu1.1_amd64.deb (15.2 KiB)
python-twisted-bin_18.9.0-3ubuntu1.1_arm64.deb (14.4 KiB)
python-twisted-bin_18.9.0-3ubuntu1.1_armhf.deb (14.1 KiB)
python-twisted-bin_18.9.0-3ubuntu1.1_i386.deb (14.7 KiB)
python-twisted-bin_18.9.0-3ubuntu1.1_ppc64el.deb (14.9 KiB)
python-twisted-bin_18.9.0-3ubuntu1.1_s390x.deb (15.1 KiB)
python-twisted-conch_18.9.0-3ubuntu1.1_all.deb (23.6 KiB)
python-twisted-core_18.9.0-3ubuntu1.1_all.deb (1.9 MiB)
python-twisted-mail_18.9.0-3ubuntu1.1_all.deb (18.3 KiB)
python-twisted-names_18.9.0-3ubuntu1.1_all.deb (13.8 KiB)
python-twisted-news_18.9.0-3ubuntu1.1_all.deb (3.2 KiB)
python-twisted-runner-dbg_18.9.0-3ubuntu1.1_all.deb (1.1 KiB)
python-twisted-runner_18.9.0-3ubuntu1.1_all.deb (3.2 KiB)
python-twisted-web_18.9.0-3ubuntu1.1_all.deb (72.1 KiB)
python-twisted-words_18.9.0-3ubuntu1.1_all.deb (14.2 KiB)
python-twisted_18.9.0-3ubuntu1.1_all.deb (3.6 KiB)
python3-twisted-bin-dbg_18.9.0-3ubuntu1.1_amd64.deb (56.2 KiB)
python3-twisted-bin-dbg_18.9.0-3ubuntu1.1_arm64.deb (54.8 KiB)
python3-twisted-bin-dbg_18.9.0-3ubuntu1.1_armhf.deb (53.8 KiB)
python3-twisted-bin-dbg_18.9.0-3ubuntu1.1_i386.deb (54.1 KiB)
python3-twisted-bin-dbg_18.9.0-3ubuntu1.1_ppc64el.deb (56.0 KiB)
python3-twisted-bin-dbg_18.9.0-3ubuntu1.1_s390x.deb (54.8 KiB)
python3-twisted-bin_18.9.0-3ubuntu1.1_amd64.deb (10.9 KiB)
python3-twisted-bin_18.9.0-3ubuntu1.1_arm64.deb (10.4 KiB)
python3-twisted-bin_18.9.0-3ubuntu1.1_armhf.deb (10.0 KiB)
python3-twisted-bin_18.9.0-3ubuntu1.1_i386.deb (11.0 KiB)
python3-twisted-bin_18.9.0-3ubuntu1.1_ppc64el.deb (10.9 KiB)
python3-twisted-bin_18.9.0-3ubuntu1.1_s390x.deb (10.6 KiB)
python3-twisted_18.9.0-3ubuntu1.1_all.deb (1.8 MiB)
twisted-doc_18.9.0-3ubuntu1.1_all.deb (754.6 KiB)
twisted_18.9.0-3ubuntu1.1.debian.tar.xz (40.5 KiB)
twisted_18.9.0-3ubuntu1.1.dsc (3.6 KiB)
twisted_18.9.0.orig.tar.bz2 (2.9 MiB)