-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 05 May 2022 09:59:26 -0400
Source: twisted
Binary: python3-twisted-bin python3-twisted-bin-dbg
Architecture: amd64
Version: 20.3.0-7+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-csail-01) <buildd_amd64-x86-csail-01@buildd.debian.org>
Changed-By: Stefano Rivera <stefanor@debian.org>
Description:
 python3-twisted-bin - Event-based framework for internet applications
 python3-twisted-bin-dbg - Event-based framework for internet applications (debug extension)
Changes:
 twisted (20.3.0-7+deb11u1) bullseye; urgency=medium
 .
   * Team upload.
   * CVE-2022-21712: Information disclosure results in leaking of HTTP cookie
     and authorization headers when following cross origin redirects
     - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are
       removed when forming requests, in src/twisted/web/client.py,
       src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py.
     - Thanks Canonical for backporting the patches.
   * CVE-2022-21716: Parsing of SSH version identifier field during an SSH
     handshake can result in a denial of service when excessively large packets
     are received
     - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received
       handshake buffer is checked, prior to processing version string in
       src/twisted/conch/ssh/transport.py and
       src/twisted/conch/test/test_transport.py
     - Thanks Canonical for backporting the patches.
   * CVE-2022-24801: Correct several defects in HTTP request parsing that could
     permit HTTP request smuggling: disallow signed Content-Length headers,
     forbid illegal characters in chunked extensions, forbid 0x prefix to chunk
     lengths, and only strip space and horizontal tab from header values.
     - debian/patches/CVE-2022-24801-*.patch
   * Patch: remove spurious test for illegal whitespace in xmlns, to allow
     tests to pass, again.
Checksums-Sha1:
 bca03e37faed86c43426da27b7e4bf5e0c9f93d1 67720 python3-twisted-bin-dbg_20.3.0-7+deb11u1_amd64.deb
 7fbda3dfcb7881b236aec91d1c4614a576fb5517 23100 python3-twisted-bin_20.3.0-7+deb11u1_amd64.deb
 59241df91735784dc33e2b0cc932c85efbbd9330 7622 twisted_20.3.0-7+deb11u1_amd64-buildd.buildinfo
Checksums-Sha256:
 8df25f3cefb6eec7cea8f7d3e3ae53e4ae716d6eb3b6c605bd66097171fe88a6 67720 python3-twisted-bin-dbg_20.3.0-7+deb11u1_amd64.deb
 46a930dee32dd0c2c63df5422eb9e3ae8e370af61c6b107c1451fa7a0488078d 23100 python3-twisted-bin_20.3.0-7+deb11u1_amd64.deb
 70a663bfc896621e52fbbfdfd05970a0dc6e2418fc918a9b8ad4c6332842c765 7622 twisted_20.3.0-7+deb11u1_amd64-buildd.buildinfo
Files:
 796eb13792b7e0d1689a654c9954b43e 67720 debug optional python3-twisted-bin-dbg_20.3.0-7+deb11u1_amd64.deb
 3151255dc7efd8ae36b70c2f2b06ac04 23100 python optional python3-twisted-bin_20.3.0-7+deb11u1_amd64.deb
 262c31b70b192da3448074424d52d60d 7622 python optional twisted_20.3.0-7+deb11u1_amd64-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEgTtIulJqCiUOC8/RqX+JKfZgT24FAmKAKvEACgkQqX+JKfZg
T27kaxAAkBO4CBaXEVz7a2dk4tsbd/mMM1B51L9O/YkC/WeS9h+GyS8EIe4WuSGT
/1ggyYLwXuD3580qjKI9BTNU2pGNA4vWgPJpiyEjrm3HtYUalR8cUJvtY3otYyec
TJxWSOBjLXJSAcWR+KZBjFBoL8weauCF+qvNlptJeDShVWh3XAHlVHh5b4hxdtGZ
+kbCt9BQqZ2hCR2W6rD6KQc6jltWOYiwr9O1nJYduYTD19xRASJtNzZqdyy4+O9x
MZibQnHmTAQOL8eA2TUeHYAjdrcr44ZXdcuNwEzpJCImrg20xGMm3mqAA6m+am/K
0KSn7rhxVTWO8oQh1fTo61V4VAK/fhfNqetGxVK/f0M0ksRoBHW9dhbs7w+Z1ZMF
Cy3fuhmxBGK85NxqV1IOkcff7r+cmMWu4TzLG/SFv8KQC/7POCKWb2bxV5/2GYCO
GAT1jj3z9Ifs0qWZAqvnwC+RLrBeWEAc200x+mbIYrWbbVuyXidy4HmbrI8v1ps7
kyEoh9mAUGy+WW+hCKLk2zXFZMD+QnENXP7nl7II3LIU9I8yhEWCcTFIgMhOaP0+
4tj5JsLM+UuzCyVFW3A9rWdg+rBidajgtc4CvXGLvi8T8rWoPZupCTlZ4T2Ahy7/
HE7tmLbXozT4WcGwUAEYCbxFl05R43FKhiyIqdQ7s5hP6p6rTKU=
=WsgU
-----END PGP SIGNATURE-----