Package "python-twisted-news"
Name: |
python-twisted-news
|
Description: |
twisted dummy package for NNTP protocol implementation
|
Latest version: |
16.0.0-1ubuntu0.4 |
Release: |
xenial (16.04) |
Level: |
security |
Repository: |
universe |
Head package: |
twisted |
Links
Download "python-twisted-news"
Other versions of "python-twisted-news" in Xenial
Changelog
twisted (16.0.0-1ubuntu0.4) xenial-security; urgency=medium
* SECURITY UPDATE: incorrect URI and HTTP method validation
- debian/patches/CVE-2019-12387.patch: prevent CRLF injections in
twisted/web/_newclient.py, twisted/web/client.py,
twisted/web/test/injectionhelpers.py,
twisted/web/test/test_agent.py,
twisted/web/test/test_webclient.py.
- CVE-2019-12387
* SECURITY UPDATE: incorrect cert validation in XMPP support
- debian/patches/CVE-2019-12855-*.patch: upstream patches to implement
certificate checking.
- CVE-2019-12855
* SECURITY UPDATE: request smuggling attacks
- debian/patches/CVE-2020-1010x-pre1.patch: refactor to reduce
duplication in twisted/web/test/test_http.py.
- debian/patches/CVE-2020-1010x.patch: fix several request smuggling
attacks in twisted/web/http.py,
twisted/web/test/test_http.py.
- CVE-2020-10108
- CVE-2020-10109
-- Marc Deslauriers <email address hidden> Thu, 19 Mar 2020 08:04:26 -0400
|
Source diff to previous version |
CVE-2019-12387 |
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CR |
CVE-2019-12855 |
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to M |
CVE-2020-1010 |
RESERVED |
CVE-2020-10108 |
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the fir |
CVE-2020-10109 |
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header |
|
twisted (16.0.0-1ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: HTTProxy issue
- debian/patches/CVE-2016-1000111.patch: fix implementation
in twisted/web/twcgi.py and add some test in
twisted/web/test/test_cgi.py.
- CVE-2016-1000111
-- <email address hidden> (Leonidas S. Barbosa) Thu, 01 Mar 2018 15:19:01 -0300
|
About
-
Send Feedback to @ubuntu_updates