Format: 1.8 Date: Mon, 16 Mar 2020 12:51:15 -0400 Source: twisted Binary: python-twisted-bin python-twisted-bin-dbg python3-twisted-bin python3-twisted-bin-dbg Architecture: ppc64el Version: 18.9.0-3ubuntu1.1 Distribution: eoan Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: python-twisted-bin - Event-based framework for internet applications python-twisted-bin-dbg - Event-based framework for internet applications (debug extension) python3-twisted-bin - Event-based framework for internet applications python3-twisted-bin-dbg - Event-based framework for internet applications (debug extension) Changes: twisted (18.9.0-3ubuntu1.1) eoan-security; urgency=medium . * SECURITY UPDATE: incorrect URI and HTTP method validation - debian/patches/CVE-2019-12387.patch: prevent CRLF injections in src/twisted/web/_newclient.py, src/twisted/web/client.py, src/twisted/web/test/injectionhelpers.py, src/twisted/web/test/test_agent.py, src/twisted/web/test/test_webclient.py. - CVE-2019-12387 * SECURITY UPDATE: incorrect cert validation in XMPP support - debian/patches/CVE-2019-12855-*.patch: upstream patches to implement certificate checking. - CVE-2019-12855 * SECURITY UPDATE: HTTP/2 denial of service issues - debian/patches/CVE-2019-951x.patch: buffer outbound control frames and timeout invalid clients in src/twisted/web/_http2.py, src/twisted/web/error.py, src/twisted/web/http.py, src/twisted/web/test/test_http.py, src/twisted/web/test/test_http2.py. - CVE-2019-9512 - CVE-2019-9514 - CVE-2019-9515 * SECURITY UPDATE: request smuggling attacks - debian/patches/CVE-2020-1010x-pre1.patch: refactor to reduce duplication in src/twisted/web/test/test_http.py. - debian/patches/CVE-2020-1010x.patch: fix several request smuggling attacks in src/twisted/web/http.py, src/twisted/web/test/test_http.py. - CVE-2020-10108 - CVE-2020-10109 Checksums-Sha1: fe606b80e31b921fb8e71b88d6a2e6bb3f3545ae 57744 python-twisted-bin-dbg_18.9.0-3ubuntu1.1_ppc64el.deb 7155ffd3da0adc3597e9185e4d806b546f5584dc 15228 python-twisted-bin_18.9.0-3ubuntu1.1_ppc64el.deb 324252e19e9f66a692d57a59e3a2f2a999d8b1b0 57316 python3-twisted-bin-dbg_18.9.0-3ubuntu1.1_ppc64el.deb 7add4301b2fcb03cb729dd99220201ad28d0ba24 11184 python3-twisted-bin_18.9.0-3ubuntu1.1_ppc64el.deb ea35380ab8c67179e11f5c293a0dc8ecff0c3e84 8806 twisted_18.9.0-3ubuntu1.1_ppc64el.buildinfo Checksums-Sha256: 9d8e26b06f7e0f2592b263a34d3b0c9db4c9c8975291b6217b4bdf321d57be4f 57744 python-twisted-bin-dbg_18.9.0-3ubuntu1.1_ppc64el.deb 3242269d3ef0c486a72f61a26e485d96fbfec8acc224cffcea64cb1c3c71b062 15228 python-twisted-bin_18.9.0-3ubuntu1.1_ppc64el.deb 6a85e3d7bca5d362635abad91b14924786cf9af74419b6bc265392457a415228 57316 python3-twisted-bin-dbg_18.9.0-3ubuntu1.1_ppc64el.deb 926487fd96e5391230b41c1c633e4632c051ce27ff92619da1f428400f24b322 11184 python3-twisted-bin_18.9.0-3ubuntu1.1_ppc64el.deb 7d3964da0fc13b8ebdf2fcdc4f7dbff47a0e0b1d4dfcc01e482572df99999a65 8806 twisted_18.9.0-3ubuntu1.1_ppc64el.buildinfo Files: 13596d06425d6ef278e39aef2cdaabcc 57744 debug optional python-twisted-bin-dbg_18.9.0-3ubuntu1.1_ppc64el.deb 0001fee99b2d35cda310ba94ab1b62ab 15228 python optional python-twisted-bin_18.9.0-3ubuntu1.1_ppc64el.deb 7c5895a483424f9612d4d7950ff2c55e 57316 debug optional python3-twisted-bin-dbg_18.9.0-3ubuntu1.1_ppc64el.deb c43ec30065c42d13c9c080a179d726d1 11184 python optional python3-twisted-bin_18.9.0-3ubuntu1.1_ppc64el.deb bb3b761a24d38d69a59bd33d36975e2d 8806 python optional twisted_18.9.0-3ubuntu1.1_ppc64el.buildinfo Original-Maintainer: Debian Python Modules Team