UbuntuUpdates.org

Package "twisted"

Name: twisted

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Event-based framework for internet applications
  • Event-based framework for internet applications
  • Event-based framework for internet applications (debug extension)
  • Official documentation of Twisted

Latest version: 18.9.0-11ubuntu0.20.04.3
Release: focal (20.04)
Level: updates
Repository: main


Other versions of "twisted" in Focal

Repository  Area  Version
base        main  18.9.0-11
security    main  18.9.0-11ubuntu0.20.04.3


Changelog

Version: 18.9.0-11ubuntu0.20.04.3 2024-01-10 17:06:52 UTC

  twisted (18.9.0-11ubuntu0.20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: script injection via unescaped 404 response
    - debian/patches/CVE-2022-39348.patch: fix NameVirtualHost HTML
      injection vulnerability.
    - CVE-2022-39348
  * SECURITY UPDATE: Disordered HTTP pipeline response in twisted.web
    - debian/patches/CVE-2023-46137-*.patch: handle requests in raw mode.
    - CVE-2023-46137

 -- Marc Deslauriers <email address hidden> Mon, 04 Dec 2023 09:02:22 -0500

CVE-2022-39348 Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twi
CVE-2023-46137 Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, tw

Version: 18.9.0-11ubuntu0.20.04.2 2022-03-30 08:07:13 UTC

  twisted (18.9.0-11ubuntu0.20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: Information disclosure results in leaking of HTTP cookie
    and authorization headers when following cross origin redirects
    - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are
      removed when forming requests, in src/twisted/web/client.py,
      src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py.
    - CVE-2022-21712

  * SECURITY UPDATE: Parsing of SSH version identifier field during an SSH
    handshake can result in a denial of service when excessively large packets
    are received
    - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
      handshake buffer is checked, prior to processing version string in
      src/twisted/conch/ssh/transport.py and
      src/twisted/conch/test/test_transport.py
    - CVE-2022-21716

 -- Ray Veldkamp <email address hidden> Mon, 21 Mar 2022 21:13:42 +1100

CVE-2022-21712 twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following
CVE-2022-21716 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is ab

Version: 18.9.0-11ubuntu0.20.04.1 2021-03-03 00:07:27 UTC

  twisted (18.9.0-11ubuntu0.20.04.1) focal; urgency=medium

  * Fix NoneType encode error when multipart body does not include
    content-disposition headers (LP: #1915819)
    - d/p/lp1915819-Fix-nonetype-encode-error.patch

 -- Victor Manuel Tapia King <email address hidden> Wed, 17 Feb 2021 14:46:53 +0100

1915819 'NoneType' object has no attribute 'encode' in requestReceived() when multipart body doesn't include content-disposition


