Accepted twisted 20.3.0-7+deb11u1 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 05 May 2022 09:59:26 -0400
Source: twisted
Architecture: source
Version: 20.3.0-7+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Stefano Rivera <stefanor@debian.org>
Changes:
 twisted (20.3.0-7+deb11u1) bullseye; urgency=medium
 .
   * Team upload.
   * CVE-2022-21712: Information disclosure results in leaking of HTTP cookie
     and authorization headers when following cross origin redirects
     - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are
       removed when forming requests, in src/twisted/web/client.py,
       src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py.
     - Thanks Canonical for backporting the patches.
   * CVE-2022-21716: Parsing of SSH version identifier field during an SSH
     handshake can result in a denial of service when excessively large packets
     are received
     - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
       handshake buffer is checked, prior to processing version string in
       src/twisted/conch/ssh/transport.py and
       src/twisted/conch/test/test_transport.py
     - Thanks Canonical for backporting the patches.
   * CVE-2022-24801: Correct several defects in HTTP request parsing that could
     permit HTTP request smuggling: disallow signed Content-Length headers,
     forbid illegal characters in chunked extensions, forbid 0x prefix to chunk
     lengths, and only strip space and horizontal tab from header values.
     - debian/patches/CVE-2022-24801-*.patch
   * Patch: remove spurious test for illegal whitespace in xmlns, to allow
     tests to pass, again.

-----BEGIN PGP SIGNATURE-----

iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCYnPchRQcc3RlZmFub3JA
ZGViaWFuLm9yZwAKCRBHew2wJjpU2Pt9AQC4qbmHzaI/nRwJcwoWvhaxH+3MtTIL
oOiQCR80sbENhwD/SzuWTE3rYUqa5o+SFNH3MGsiEyCakOQIdOhpJAtDlAQ=
=iXw5
-----END PGP SIGNATURE-----

