[ubuntu/impish-security] twisted 20.3.0-7ubuntu1.1 (Accepted)
Ray Veldkamp
ray.veldkamp at canonical.com
Wed Mar 30 03:38:21 UTC 2022
twisted (20.3.0-7ubuntu1.1) impish-security; urgency=medium
* SECURITY UPDATE: Information disclosure results in leaking of HTTP cookie
and authorization headers when following cross origin redirects
- debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are
removed when forming requests, in src/twisted/web/client.py,
src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py.
- CVE-2022-21712
* SECURITY UPDATE: Parsing of SSH version identifier field during an SSH
handshake can result in a denial of service when excessively large packets
are received
- debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
handshake buffer is checked, prior to processing version string in
src/twisted/conch/ssh/transport.py and
src/twisted/conch/test/test_transport.py
- CVE-2022-21716
Date: 2022-03-16 01:27:09.928717+00:00
Changed-By: Ray Veldkamp <ray.veldkamp at canonical.com>
https://launchpad.net/ubuntu/+source/twisted/20.3.0-7ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the impish-changes
mailing list