[ubuntu/jammy-security] twisted 22.1.0-2ubuntu2.3 (Accepted)
Ray Veldkamp
ray.veldkamp at canonical.com
Tue Aug 23 12:28:23 UTC 2022
twisted (22.1.0-2ubuntu2.3) jammy-security; urgency=medium
* SECURITY UPDATE: Parsing of HTTP request headers was found to be
not fully compliant with RFC 7230 specifications, which could
result in HTTP request smuggling for certain multi-server
configurations
- debian/patches/CVE-2022-24801-*.patch: Ensure only permitted characters
are present in Content-Length headers, improve parsing of Chunk Length
values and fix stripping of whitespace in HTTP headers in
src/twisted/web/http.py and src/twisted/web/test/test_http.py
- CVE-2022-24801
Date: 2022-08-11 04:38:09.012543+00:00
Changed-By: Ray Veldkamp <ray.veldkamp at canonical.com>
https://launchpad.net/ubuntu/+source/twisted/22.1.0-2ubuntu2.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list