[ubuntu/focal-updates] twisted 18.9.0-11ubuntu0.20.04.2 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Wed Mar 30 05:58:33 UTC 2022

twisted (18.9.0-11ubuntu0.20.04.2) focal-security; urgency=medium
  * SECURITY UPDATE: Information disclosure results in leaking of HTTP cookie
    and authorization headers when following cross origin redirects
    - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are
      removed when forming requests, in src/twisted/web/client.py,
      src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py.
    - CVE-2022-21712

  * SECURITY UPDATE: Parsing of SSH version identifier field during an SSH
    handshake can result in a denial of service when excessively large packets
    are received
    - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
      handshake buffer is checked, prior to processing version string in
      src/twisted/conch/ssh/transport.py and
    - CVE-2022-21716

Date: 2022-03-21 10:46:10.766912+00:00
Changed-By: Ray Veldkamp <ray.veldkamp at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list