twisted (22.1.0-2ubuntu2.6) jammy-security; urgency=medium

  * SECURITY UPDATE: Out-of-order HTTP request processing.
    - debian/patches/CVE-2024-41671-*.patch: Move
      self.allContentReceived() after self._dataBuffer.append(data) in
      src/twisted/web/http.py. Add tests.
    - CVE-2024-41671

 -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Fri, 22 Nov 2024 14:19:41 -0330

twisted (22.1.0-2ubuntu2.5) jammy-security; urgency=medium

  * SECURITY UPDATE: HTML injection in HTTP redirect body
    - debian/patches/CVE-2024-41810-*.patch: added output encoding in
      redirect HTML
    - CVE-2024-41810

 -- Nick Galanis <nick.galanis@canonical.com>  Tue, 27 Aug 2024 11:14:59 +0300

twisted (22.1.0-2ubuntu2.4) jammy-security; urgency=medium

  * SECURITY UPDATE: script injection via unescaped 404 response
    - debian/patches/CVE-2022-39348.patch: fix NameVirtualHost HTML
      injection vulnerability.
    - CVE-2022-39348
  * SECURITY UPDATE: Disordered HTTP pipeline response in twisted.web
    - debian/patches/CVE-2023-46137-*.patch: handle requests in raw mode.
    - CVE-2023-46137

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 04 Dec 2023 08:17:10 -0500

twisted (22.1.0-2ubuntu2.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Parsing of HTTP request headers was found to be not
    fully compliant with RFC 7230 specifications, which could result in
    HTTP request smuggling for certain multi-server configurations
    - debian/patches/CVE-2022-24801-*.patch: Ensure only permitted
      characters are present in Content-Length headers, improve parsing
      of Chunk Length values and fix stripping of whitespace in HTTP
      headers in src/twisted/web/http.py and
      src/twisted/web/test/test_http.py
    - CVE-2022-24801

 -- Ray Veldkamp <ray.veldkamp@canonical.com>  Thu, 11 Aug 2022 12:24:30 +1000

twisted (22.1.0-2ubuntu2.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Parsing of SSH version identifier field during an SSH
    handshake can result in a denial of service when excessively large
    packets are received
    - debian/patches/CVE-2022-21716-*.patch: Ensure that length of
      received handshake buffer is checked, prior to processing version
      string in src/twisted/conch/ssh/transport.py and
      src/twisted/conch/test/test_transport.py
    - CVE-2022-21716

 -- Ray Veldkamp <ray.veldkamp@canonical.com>  Wed, 04 May 2022 11:36:26 +1000

twisted (22.1.0-2ubuntu2) jammy; urgency=medium

  * Import Literal from typing instead of typing_extensions in a few more
    places

 -- Graham Inggs <ginggs@ubuntu.com>  Wed, 23 Feb 2022 19:53:17 +0000

twisted (22.1.0-2ubuntu1) jammy; urgency=medium

  * Import Literal from typing instead of typing_extensions, see #978536

 -- Graham Inggs <ginggs@ubuntu.com>  Wed, 23 Feb 2022 07:46:09 +0000

twisted (22.1.0-2) unstable; urgency=medium

  * Team upload.
  * Removal of a private _PY3 constant breaks treq << 20.9.0.

 -- Andrej Shadura <andrewsh@debian.org>  Thu, 17 Feb 2022 11:40:49 +0100

twisted (22.1.0-1) unstable; urgency=medium

  * Team upload

  [ Carsten Schoenert ]
  * d/gbp.conf: Extend with some more defaults
  * d/watch: Update to version 4
  * New upstream version 21.7.0
  * Rebuild patch queue from patch-queue branch
    Updated/Rebased/Adjusted/Renamed patches:
    0003-sphinx-theme.patch
      -> debian-hacks/Sphinx-Set-html_theme-to-twisteddefault.patch
    0004-localIntersphinx.patch
      -> debian-hacks/Sphinx-Set-intersphinx_mapping-for-py3.patch
    0005-insecure-pythonpath.patch
      -> debian-hacks/Security-Fix-vulnerable-example-of-PYTHONPATH.patch
    0006-fix-sphinx-import-path.patch
      -> debian-hacks/Sphinx-Adjust-setup-of-sys.path.insert.patch
    0009-no-stderr-in-test_ckeygen.patch
      -> tests/Tests-Fix-ckeygen-test-writing-to-stderr.patch
    0010-handle-setlocale-test-failure.patch
      -> tests/Tests-Handle-setlocale-more-tolerant.patch
    0012-Skip-test-for-empty-cypher-string-openssl-does-not-t.patch
      -> tests/Tests-Skip-test-for-empty-cypher-string.patch
    0013-Drop-test_givesMeaningfulErrorMessageIfNoCipherMatch.patch
      -> tests/Tests-Drop-test_givesMeaningfulErrorMessageIfNoCipherMatc.patch
    0016-Try-exec-ing-ckeygen3-if-ckeygen-was-not-found.patch
      -> debian-hacks/Try-exec-ing-ckeygen3-if-ckeygen-was-not-found.patch
    Removed patches (included upstream):
    0001-wxpython3.0.patch
    0002-combinedlog.patch
    0008-sort-option-keys.patch
    0010-spurious-failure-in-setup-unit-tests.patch
    0011-Ignore-fuction-name-in-SSL-error-code-in-tests-to-wo.patch
    0017-Add-digestmod-parameter-to-HMAC.__init__-invocations.patch
    0018-Make-the-twisted-tests-work-when-pyOpenSSL-deletes-N.patch
    0019-Replace-base64.-string-functions-to-fix-py3.9-suppor.patch
    0020-Fix-imap4-utf-7-codec-lookup-function-for-Python-3.9.patch
    0021-Merge-9652-wiml-mktime-Allow-mktime-to-raise-EOVERFL.patch
    0022-increase-size-of-FFDH-keys-for-conch-testing.patch
    0023-Merge-9801-rodrigc-cgi-Change-import-of-cgi.parse_qs.patch
    0024-fixed-corrupted-iqmp-value-in-test-RSA-key.patch
    0025-Skip-failing-twisted.web.test.test_http.QueryArgumen.patch
  * d/control: Add new required build dependencies
    Adding pydoctor and python3-typing-extensions as new dependency
    required for the package build.
  * d/rules: Drop dh_movefiles for python3-twisted-bin
    The files which were moved within target aren't existing any more.
  * autopkgtest: Adjust testing call
  * Rebuild patch queue from patch-queue branch
    Added patches:
    documentation/docs-Don-t-depend-on-git-stuff.patch
    documentation/docs-conf.py-Adjust-the-intersphinx-mapping.patch
    documentation/docs-conf.py-Don-t-use-intersphinx-within-pydoctor_args.patch
    privacy/Privacy-Don-t-sideload-Google-Analytics.patch
    tests/Test-Ignore-test_failure.py-file.patch
    tests/Testing-Ignore-test-around-git-tooling.patch
    tests/Tests-Ignore-test_listingModulesAlreadyImport.patch
    tests/Tests-Ignore-test_unicodeLogFileUTF8.patch
    tests/Tests-Ignore-tests-with-some-version-checking.patch
    Adding some more required patches so the build and a later done
    autopkgtest will succeed.
  * Lintian: Remove override for python3-twisted
  * d/control: Remove packages python3-twisted-{bin,dbg}
    These packages aren't built any more, the source for previous created
    SO files are now living within its own new upstream project.
  * d/*control: Running wrap-and-sort -ast
  * d/control: Update Standards-Version to 4.6.0
    No further changes needed.
  * d/rules: Ignore things around previous apidocs folder
  * d/control: Adjust and update Build-Depends
    Drop python2-doc and python3-all-{dbg,dev}, adding a versioned
    dependency on pydoctor >= 21.12.1.
  * d/control: Update suggestion of python3-twisted
  * d/rules: Move over to debhelper style
    Using debhelper targets within d/rules improves the readability
    enormously and decreases the amount of the really needed content to a
    minimum.
  * metadata: Update to serve more content
    Extend data to also include the fields for Bug-Database, Bug-Submit
    and FAQ.
  * d/control: Adding entry Rules-Requires-Root: no
  * d/d/options: Drop config file
  * d/copyright: Update to current year data
  * d/python3-twisted.post{inst.rm}: Uniform indentation style
  * d/rules: Adjust shebang to use python3 in twisted-doc
  * Lintian: Adding an override for twisted-doc

  [ Andrej Shadura ]
  * New upstream release.
  * Update dependency versions.
  * Refresh patches.
  * Use dh-sequence-python3 instead of --with python3.

 -- Andrej Shadura <andrewsh@debian.org>  Thu, 10 Feb 2022 14:48:43 +0100

twisted (20.3.0-7) unstable; urgency=medium

  * Team upload.
  * Use the correct patch for upload (Closes: #984493)
    Sorry!

 -- Ole Streicher <olebole@debian.org>  Sat, 24 Apr 2021 18:36:24 +0200

# For older changelog entries, run 'apt-get changelog python3-twisted'
Generated by dwww version 1.14 on Tue Aug 26 14:37:19 CEST 2025.