Publishing details
Changelog
twisted (17.9.0-2ubuntu0.3) bionic-security; urgency=medium
* SECURITY UPDATE: Information disclosure results in leaking of HTTP cookie
and authorization headers when following cross origin redirects
- debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are
removed when forming requests, in src/twisted/web/client.py,
src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py.
- CVE-2022-21712
* SECURITY UPDATE: Parsing of SSH version identifier field during an SSH
handshake can result in a denial of service when excessively large packets
are received
- debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
handshake buffer is checked, prior to processing version string in
src/twisted/conch/ssh/transport.py and
src/twisted/conch/test/test_transport.py
- CVE-2022-21716
-- Ray Veldkamp <email address hidden> Tue, 22 Mar 2022 22:03:56 +1100
Builds
Built packages
-
python-twisted
Event-based framework for internet applications (dependency package)
-
python-twisted-bin
Event-based framework for internet applications
-
python-twisted-bin-dbg
Event-based framework for internet applications (debug extension)
-
python-twisted-conch
twisted dummy package for Twisted SSH Implementation
-
python-twisted-core
Event-based framework for internet applications
-
python-twisted-mail
twisted dummy package for SMTP, IMAP and POP protocol implementation
-
python-twisted-names
twisted package for DNS protocol implementation
-
python-twisted-news
twisted dummy package for NNTP protocol implementation
-
python-twisted-runner
twisted dummy package for process management
-
python-twisted-runner-dbg
twisted dummy package for process management
-
python-twisted-web
twisted dummy package for HTTP protocol implementation
-
python-twisted-words
twisted dummy package for Chat and Instant Messaging
-
python3-twisted
Event-based framework for internet applications
-
python3-twisted-bin
Event-based framework for internet applications
-
python3-twisted-bin-dbg
Event-based framework for internet applications (debug extension)
-
twisted-doc
Official documentation of Twisted
Package files