[Python-modules-team] twisted_18.9.0-8_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Mon Mar 23 20:57:36 GMT 2020
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 23 Mar 2020 21:14:09 +0100
Source: twisted
Architecture: source
Version: 18.9.0-8
Distribution: unstable
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>
Changed-By: Andrej Shadura <andrewsh at debian.org>
Closes: 930389 930626 948560 953950
Changes:
twisted (18.9.0-8) unstable; urgency=high
.
* A no-change upload to set urgency to high since the upload
fixes security issues.
.
twisted (18.9.0-7) unstable; urgency=medium
.
[ Marc Deslauriers ]
* SECURITY UPDATE: incorrect URI and HTTP method validation
- debian/patches/CVE-2019-12387.patch: prevent CRLF injections in
src/twisted/web/_newclient.py, src/twisted/web/client.py,
src/twisted/web/test/injectionhelpers.py,
src/twisted/web/test/test_agent.py,
src/twisted/web/test/test_webclient.py.
- CVE-2019-12387
- Closes: #930389
* SECURITY UPDATE: incorrect cert validation in XMPP support
- debian/patches/CVE-2019-12855-*.patch: upstream patches to implement
certificate checking.
- CVE-2019-12855
- Closes: #930626
* SECURITY UPDATE: HTTP/2 denial of service issues
- debian/patches/CVE-2019-951x.patch: buffer outbound control frames
and timeout invalid clients in src/twisted/web/_http2.py,
src/twisted/web/error.py, src/twisted/web/http.py,
src/twisted/web/test/test_http.py,
src/twisted/web/test/test_http2.py.
- CVE-2019-9511
- CVE-2019-9514
- CVE-2019-9515
* SECURITY UPDATE: request smuggling attacks
- debian/patches/CVE-2020-1010x-pre1.patch: refactor to reduce
duplication in src/twisted/web/test/test_http.py.
- debian/patches/CVE-2020-1010x.patch: fix several request smuggling
attacks in src/twisted/web/http.py,
src/twisted/web/test/test_http.py.
- CVE-2020-10108
- CVE-2020-10109
- Closes: #953950
.
[ Emmanuel Arias ]
* Add patch to fix SyntaxWarning (Closes: #948560).
.
[ Moritz Muehlenhoff ]
* Remove Suggests on python-gtk2/python-glade2, which is being removed.
Checksums-Sha1:
240d4f043a58ca6a557561a43364f61ff57324cd 3363 twisted_18.9.0-8.dsc
1919f66c3d525e6b0e94b07bf8a419c208d5270c 41776 twisted_18.9.0-8.debian.tar.xz
Checksums-Sha256:
53083bd6a882bc1dc919b9fed4647c4d9d9356aea18cbdc5ec0de280dea09d3d 3363 twisted_18.9.0-8.dsc
820329295f00727ed2aed992adc841c13adf8d54425bfbb04a37941d344fc9ba 41776 twisted_18.9.0-8.debian.tar.xz
Files:
03a3587d903c592ad422874ee88eb66d 3363 python optional twisted_18.9.0-8.dsc
1ada38febf5d794ac88ab24972d0fbf8 41776 python optional twisted_18.9.0-8.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAl55GOcACgkQXkCM2RzY
OdJcsQgAnxXh5rKU5z3CxC53cyEjWU13GejHoBpF2lod2N3e5TSC1mj1nSWkwNfU
xx2ETlI2NJe6rhb7vc9AyiXSLsx/02WgIwECrD5YTGfSaYppC3KcbhZJt//OpZw0
dEsKraD3IP9hNhVCLVq8pgfkp4jXJvMqZscg+lh5ssEQFqx6ldRJ1/JLXcPa8m04
KI0pPmMbCtLwZeBDz7a7LNIeAYoLuQAKWXenDjOj8UXWcOadyV380FD3WvAZj2fo
Pq9sreyNG9nwkniSEC7mDSYcUBYT60r3wH1A8Fcc+wYDsaoiLnW8ZetsBUemAtYw
2FoceS15SAQs6u78kflJ3AYzXt8MPw==
=1zEz
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Python-modules-team
mailing list