
[SECURITY] [DLA 2145-2] twisted security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : twisted
Version        : 14.0.2-3+deb8u2
CVE IDs        : CVE-2020-10108 CVE-2020-10109
Debian Bug     : #953950

It was discovered that there was a regression introduced in
DLA-2145-1 due to the incorrect application of the upstream patch for
CVE-2020-10108 & CVE-2020-10109 regarding a number of HTTP request
splitting vulnerabilities in Twisted, a Python event-based framework
for building various types of internet applications.

Thanks to Etienne Allovon for the detailed report.

For Debian 8 "Jessie", these issues have been fixed in twisted
version 14.0.2-3+deb8u2.

We recommend that you upgrade your twisted packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
