Publishing details
Changelog
twisted (18.9.0-11ubuntu0.20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: Information disclosure results in leaking of HTTP cookie
    and authorization headers when following cross origin redirects
    - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are
      removed when forming requests, in src/twisted/web/client.py,
      src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py.
    - CVE-2022-21712
  * SECURITY UPDATE: Parsing of SSH version identifier field during an SSH
    handshake can result in a denial of service when excessively large packets
    are received
    - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
      handshake buffer is checked, prior to processing version string in
      src/twisted/conch/ssh/transport.py and
      src/twisted/conch/test/test_transport.py
    - CVE-2022-21716

 -- Ray Veldkamp <email address hidden>  Mon, 21 Mar 2022 21:13:42 +1100
Builds
Built packages
- python3-twisted: Event-based framework for internet applications
- python3-twisted-bin: Event-based framework for internet applications
- python3-twisted-bin-dbg: Event-based framework for internet applications (debug extension)
- twisted-doc: Official documentation of Twisted
Package files