-
twisted (22.1.0-2ubuntu2.4) jammy-security; urgency=medium
* SECURITY UPDATE: script injection via unescaped 404 response
- debian/patches/CVE-2022-39348.patch: fix NameVirtualHost HTML
injection vulnerability.
- CVE-2022-39348
* SECURITY UPDATE: Disordered HTTP pipeline response in twisted.web
- debian/patches/CVE-2023-46137-*.patch: handle requests in raw mode.
- CVE-2023-46137
-- Marc Deslauriers <email address hidden> Mon, 04 Dec 2023 08:17:10 -0500
-
twisted (22.1.0-2ubuntu2.3) jammy-security; urgency=medium
* SECURITY UPDATE: Parsing of HTTP request headers was found to be
not fully compliant with RFC 7230 specifications, which could
result in HTTP request smuggling for certain multi-server
configurations
- debian/patches/CVE-2022-24801-*.patch: Ensure only permitted characters
are present in Content-Length headers, improve parsing of Chunk Length
values and fix stripping of whitespace in HTTP headers in
src/twisted/web/http.py and src/twisted/web/test/test_http.py
- CVE-2022-24801
-- Ray Veldkamp <email address hidden> Thu, 11 Aug 2022 12:24:30 +1000
-
twisted (22.1.0-2ubuntu2.1) jammy-security; urgency=medium
* SECURITY UPDATE: Parsing of SSH version identifier field during an SSH
handshake can result in a denial of service when excessively large packets
are received
- debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
handshake buffer is checked, prior to processing version string in
src/twisted/conch/ssh/transport.py and
src/twisted/conch/test/test_transport.py
- CVE-2022-21716
-- Ray Veldkamp <email address hidden> Wed, 04 May 2022 11:36:26 +1000
-
twisted (22.1.0-2ubuntu2) jammy; urgency=medium
* Import Literal from typing instead of typing_extensions in
a few more places
-- Graham Inggs <email address hidden> Wed, 23 Feb 2022 19:53:17 +0000
-
twisted (22.1.0-2ubuntu1) jammy; urgency=medium
* Import Literal from typing instead of typing_extensions,
see #978536
-- Graham Inggs <email address hidden> Wed, 23 Feb 2022 07:46:09 +0000
-
twisted (22.1.0-2) unstable; urgency=medium
* Team upload.
* Removal of a private _PY3 constant breaks treq << 20.9.0.
-- Andrej Shadura <email address hidden> Thu, 17 Feb 2022 11:40:49 +0100
-
twisted (20.3.0-7ubuntu3) jammy; urgency=medium
* No-change rebuild to add python3.10.
-- Matthias Klose <email address hidden> Sun, 17 Oct 2021 12:22:05 +0200
-
twisted (20.3.0-7ubuntu1) impish; urgency=medium
* Merge from Debian unstable, remaining changes:
+ Fix NoneType encode error when multipart body does not include
content-disposition headers
twisted (20.3.0-7) unstable; urgency=medium
* Team upload.
* Use the correct patch for upload (Closes: #984493) Sorry!
twisted (20.3.0-6) unstable; urgency=medium
* Team upload.
* Fix skipIf call to actually fix autopkgtest
* Add Gitlab CI configuration
twisted (20.3.0-5) unstable; urgency=medium
* Team upload.
* skip failing QueryArgumentsTests.testParseqs test
-- Graham Inggs <email address hidden> Tue, 10 Aug 2021 09:34:55 +0000
