Format: 1.8 Date: Thu, 12 Mar 2020 09:35:26 -0400 Source: twisted Binary: python-twisted-bin python-twisted-bin-dbg python3-twisted-bin python3-twisted-bin-dbg Architecture: ppc64el Version: 18.9.0-6ubuntu1 Distribution: focal-proposed Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: python-twisted-bin - Event-based framework for internet applications python-twisted-bin-dbg - Event-based framework for internet applications (debug extension) python3-twisted-bin - Event-based framework for internet applications python3-twisted-bin-dbg - Event-based framework for internet applications (debug extension) Changes: twisted (18.9.0-6ubuntu1) focal; urgency=medium . * SECURITY UPDATE: incorrect URI and HTTP method validation - debian/patches/CVE-2019-12387.patch: prevent CRLF injections in src/twisted/web/_newclient.py, src/twisted/web/client.py, src/twisted/web/test/injectionhelpers.py, src/twisted/web/test/test_agent.py, src/twisted/web/test/test_webclient.py. - CVE-2019-12387 * SECURITY UPDATE: incorrect cert validation in XMPP support - debian/patches/CVE-2019-12855-*.patch: upstream patches to implement certificate checking. - CVE-2019-12855 * SECURITY UPDATE: HTTP/2 denial of service issues - debian/patches/CVE-2019-951x.patch: buffer outbound control frames and timeout invalid clients in src/twisted/web/_http2.py, src/twisted/web/error.py, src/twisted/web/http.py, src/twisted/web/test/test_http.py, src/twisted/web/test/test_http2.py. - CVE-2019-9511 - CVE-2019-9514 - CVE-2019-9515 * SECURITY UPDATE: request smuggling attacks - debian/patches/CVE-2020-1010x-pre1.patch: refactor to reduce duplication in src/twisted/web/test/test_http.py. - debian/patches/CVE-2020-1010x.patch: fix several request smuggling attacks in src/twisted/web/http.py, src/twisted/web/test/test_http.py. - CVE-2020-10108 - CVE-2020-10109 Checksums-Sha1: 7fed6d30665583fceae8511139b031c2e50f030e 57252 python-twisted-bin-dbg_18.9.0-6ubuntu1_ppc64el.deb 7f640bb4ae61f588e73fd3da45f940875503fda1 15216 python-twisted-bin_18.9.0-6ubuntu1_ppc64el.deb d5e1354de5d53a12a04ade470a67a14abcc153c4 57764 python3-twisted-bin-dbg_18.9.0-6ubuntu1_ppc64el.deb 44d545c2fac6413191acab16507fc8f0241c1d0a 11224 python3-twisted-bin_18.9.0-6ubuntu1_ppc64el.deb e86431dda3db3656f890cc90174ebc849ac6832e 9141 twisted_18.9.0-6ubuntu1_ppc64el.buildinfo Checksums-Sha256: 9490d05be353bdc4b68bcd2fb2afb502b42c16993314be55dd4e9e726cee4dc9 57252 python-twisted-bin-dbg_18.9.0-6ubuntu1_ppc64el.deb c2c309533a3f5f40b17481af287c0e4cd3b707352e0e447cc0e5ae28d84d8dfb 15216 python-twisted-bin_18.9.0-6ubuntu1_ppc64el.deb 84a58e1e8f9205ae48236d51b3de49eed36638fbb26d1e1fe7702eaaea92bca2 57764 python3-twisted-bin-dbg_18.9.0-6ubuntu1_ppc64el.deb 1893e59091f060d715896f1077137800449ff6dd7b878bc0ef646f81429ce2f3 11224 python3-twisted-bin_18.9.0-6ubuntu1_ppc64el.deb d25cd191629b5cd70414b603bff9148546c955247da40185aa2342cfedc41945 9141 twisted_18.9.0-6ubuntu1_ppc64el.buildinfo Files: 5ec83e71bc10f4674f16a0ec4b106e1b 57252 debug optional python-twisted-bin-dbg_18.9.0-6ubuntu1_ppc64el.deb 7f5084387e62d8f9cdd8b40646045111 15216 python optional python-twisted-bin_18.9.0-6ubuntu1_ppc64el.deb 6ac577764cf6f4d6b7dce5cdb2e4d1ca 57764 debug optional python3-twisted-bin-dbg_18.9.0-6ubuntu1_ppc64el.deb e20e4a45acb47dce73a89e78924efd7d 11224 python optional python3-twisted-bin_18.9.0-6ubuntu1_ppc64el.deb faa361f8fb2f0e7afb5507127ba10100 9141 python optional twisted_18.9.0-6ubuntu1_ppc64el.buildinfo Original-Maintainer: Debian Python Modules Team