UbuntuUpdates.org

Package "python3-twisted"

Name: python3-twisted

Description:

Event-based framework for internet applications

Latest version: 22.1.0-2ubuntu2.5
Release: jammy (22.04)
Level: updates
Repository: main
Head package: twisted
Homepage: https://twistedmatrix.com/


Other versions of "python3-twisted" in Jammy

Repository Area Version
base main 22.1.0-2ubuntu2
security main 22.1.0-2ubuntu2.5

Changelog

Version: 22.1.0-2ubuntu2.5 2024-09-04 12:07:21 UTC

  twisted (22.1.0-2ubuntu2.5) jammy-security; urgency=medium

  * SECURITY UPDATE: HTML injection in HTTP redirect body
    - debian/patches/CVE-2024-41810-*.patch: added output
      encoding in redirect HTML
    - CVE-2024-41810

 -- Nick Galanis <email address hidden> Tue, 27 Aug 2024 11:14:59 +0300

CVE-2024-41810 Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML in

Version: 22.1.0-2ubuntu2.4 2024-01-10 17:06:53 UTC

  twisted (22.1.0-2ubuntu2.4) jammy-security; urgency=medium

  * SECURITY UPDATE: script injection via unescaped 404 response
    - debian/patches/CVE-2022-39348.patch: fix NameVirtualHost HTML
      injection vulnerability.
    - CVE-2022-39348
  * SECURITY UPDATE: Disordered HTTP pipeline response in twisted.web
    - debian/patches/CVE-2023-46137-*.patch: handle requests in raw mode.
    - CVE-2023-46137

 -- Marc Deslauriers <email address hidden> Mon, 04 Dec 2023 08:17:10 -0500

CVE-2022-39348 Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twi
CVE-2023-46137 Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, tw

Version: 22.1.0-2ubuntu2.3 2022-08-23 14:06:19 UTC

  twisted (22.1.0-2ubuntu2.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Parsing of HTTP request headers was found to be
    not fully compliant with RFC 7230 specifications, which could
    result in HTTP request smuggling for certain multi-server
    configurations
    - debian/patches/CVE-2022-24801-*.patch: Ensure only permitted characters
      are present in Content-Length headers, improve parsing of Chunk Length
      values and fix stripping of whitespace in HTTP headers in
      src/twisted/web/http.py and src/twisted/web/test/test_http.py
    - CVE-2022-24801

 -- Ray Veldkamp <email address hidden> Thu, 11 Aug 2022 12:24:30 +1000

CVE-2022-24801 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, l

Version: 22.1.0-2ubuntu2.1 2022-05-05 09:06:31 UTC

  twisted (22.1.0-2ubuntu2.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Parsing of SSH version identifier field during an SSH
    handshake can result in a denial of service when excessively large packets
    are received
    - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
      handshake buffer is checked, prior to processing version string in
      src/twisted/conch/ssh/transport.py and
      src/twisted/conch/test/test_transport.py
    - CVE-2022-21716

 -- Ray Veldkamp <email address hidden> Wed, 04 May 2022 11:36:26 +1000

CVE-2022-21716 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is ab


