Package "python3-twisted"
Name: |
python3-twisted
|
Description: |
Event-based framework for internet applications
|
Latest version: |
18.9.0-11ubuntu0.20.04.3 |
Release: |
focal (20.04) |
Level: |
security |
Repository: |
main |
Head package: |
twisted |
Homepage: |
https://twistedmatrix.com/ |
Links
Download "python3-twisted"
Other versions of "python3-twisted" in Focal
Changelog
twisted (18.9.0-11ubuntu0.20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: script injection via unescaped 404 response
- debian/patches/CVE-2022-39348.patch: fix NameVirtualHost HTML
injection vulnerability.
- CVE-2022-39348
* SECURITY UPDATE: Disordered HTTP pipeline response in twisted.web
- debian/patches/CVE-2023-46137-*.patch: handle requests in raw mode.
- CVE-2023-46137
-- Marc Deslauriers <email address hidden> Mon, 04 Dec 2023 09:02:22 -0500
|
Source diff to previous version |
CVE-2022-39348 |
Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twi |
CVE-2023-46137 |
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, tw |
|
twisted (18.9.0-11ubuntu0.20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: Information disclosure results in leaking of HTTP cookie
and authorization headers when following cross origin redirects
- debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are
removed when forming requests, in src/twisted/web/client.py,
src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py.
- CVE-2022-21712
* SECURITY UPDATE: Parsing of SSH version identifier field during an SSH
handshake can result in a denial of service when excessively large packets
are received
- debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
handshake buffer is checked, prior to processing version string in
src/twisted/conch/ssh/transport.py and
src/twisted/conch/test/test_transport.py
- CVE-2022-21716
-- Ray Veldkamp <email address hidden> Mon, 21 Mar 2022 21:13:42 +1100
|
CVE-2022-21712 |
twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following |
CVE-2022-21716 |
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is ab |
|
About
-
Send Feedback to @ubuntu_updates