[ubuntu/focal-security] twisted 18.9.0-11ubuntu0.20.04.2 (Accepted)
Ray Veldkamp
ray.veldkamp at canonical.com
Wed Mar 30 05:26:51 UTC 2022
twisted (18.9.0-11ubuntu0.20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: Information disclosure results in leaking of HTTP cookie
and authorization headers when following cross origin redirects
- debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are
removed when forming requests, in src/twisted/web/client.py,
src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py.
- CVE-2022-21712
* SECURITY UPDATE: Parsing of SSH version identifier field during an SSH
handshake can result in a denial of service when excessively large packets
are received
- debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
handshake buffer is checked, prior to processing version string in
src/twisted/conch/ssh/transport.py and
src/twisted/conch/test/test_transport.py
- CVE-2022-21716
Date: 2022-03-21 10:46:10.766912+00:00
Changed-By: Ray Veldkamp <ray.veldkamp at canonical.com>
https://launchpad.net/ubuntu/+source/twisted/18.9.0-11ubuntu0.20.04.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list