Publishing details
Changelog
twisted (16.0.0-1ubuntu0.4) xenial-security; urgency=medium
* SECURITY UPDATE: incorrect URI and HTTP method validation
- debian/patches/CVE-2019-12387.patch: prevent CRLF injections in
twisted/web/_newclient.py, twisted/web/client.py,
twisted/web/test/injectionhelpers.py,
twisted/web/test/test_agent.py,
twisted/web/test/test_webclient.py.
- CVE-2019-12387
* SECURITY UPDATE: incorrect cert validation in XMPP support
- debian/patches/CVE-2019-12855-*.patch: upstream patches to implement
certificate checking.
- CVE-2019-12855
* SECURITY UPDATE: request smuggling attacks
- debian/patches/CVE-2020-1010x-pre1.patch: refactor to reduce
duplication in twisted/web/test/test_http.py.
- debian/patches/CVE-2020-1010x.patch: fix several request smuggling
attacks in twisted/web/http.py,
twisted/web/test/test_http.py.
- CVE-2020-10108
- CVE-2020-10109
-- Marc Deslauriers <email address hidden> Thu, 19 Mar 2020 08:04:26 -0400
Builds
Built packages
-
python-twisted
Event-based framework for internet applications (dependency package)
-
python-twisted-bin
Event-based framework for internet applications
-
python-twisted-bin-dbg
Event-based framework for internet applications (debug extension)
-
python-twisted-conch
twisted dummy package for Twisted SSH Implementation
-
python-twisted-core
Event-based framework for internet applications
-
python-twisted-mail
twisted dummy package for SMTP, IMAP and POP protocol implementation
-
python-twisted-names
twisted package for DNS protocol implementation
-
python-twisted-news
twisted dummy package for NNTP protocol implementation
-
python-twisted-runner
twisted dummy package for process management
-
python-twisted-runner-dbg
twisted dummy package for process management
-
python-twisted-web
twisted dummy package for HTTP protocol implementation
-
python-twisted-words
twisted dummy package for Chat and Instant Messaging
-
python3-twisted
Event-based framework for internet applications
-
twisted-doc
Official documentation of Twisted
Package files