Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted twisted 18.9.0-8 (source) into unstable
Date: Mon, 23 Mar 2020 20:57:36 +0000
Signed by: Andrew Shadura <andrewsh@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 23 Mar 2020 21:14:09 +0100
Source: twisted
Architecture: source
Version: 18.9.0-8
Distribution: unstable
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Andrej Shadura <andrewsh@debian.org>
Closes: 930389 930626 948560 953950
Changes:
 twisted (18.9.0-8) unstable; urgency=high
 .
   * A no-change upload to set urgency to high since the upload
     fixes security issues.
 .
 twisted (18.9.0-7) unstable; urgency=medium
 .
   [ Marc Deslauriers ]
   * SECURITY UPDATE: incorrect URI and HTTP method validation
     - debian/patches/CVE-2019-12387.patch: prevent CRLF injections in
       src/twisted/web/_newclient.py, src/twisted/web/client.py,
       src/twisted/web/test/injectionhelpers.py,
       src/twisted/web/test/test_agent.py,
       src/twisted/web/test/test_webclient.py.
     - CVE-2019-12387
     - Closes: #930389
   * SECURITY UPDATE: incorrect cert validation in XMPP support
     - debian/patches/CVE-2019-12855-*.patch: upstream patches to implement
       certificate checking.
     - CVE-2019-12855
     - Closes: #930626
   * SECURITY UPDATE: HTTP/2 denial of service issues
     - debian/patches/CVE-2019-951x.patch: buffer outbound control frames
       and timeout invalid clients in src/twisted/web/_http2.py,
       src/twisted/web/error.py, src/twisted/web/http.py,
       src/twisted/web/test/test_http.py,
       src/twisted/web/test/test_http2.py.
     - CVE-2019-9511
     - CVE-2019-9514
     - CVE-2019-9515
   * SECURITY UPDATE: request smuggling attacks
     - debian/patches/CVE-2020-1010x-pre1.patch: refactor to reduce
       duplication in src/twisted/web/test/test_http.py.
     - debian/patches/CVE-2020-1010x.patch: fix several request smuggling
       attacks in src/twisted/web/http.py,
       src/twisted/web/test/test_http.py.
     - CVE-2020-10108
     - CVE-2020-10109
     - Closes: #953950
 .
   [ Emmanuel Arias ]
   * Add patch to fix SyntaxWarning (Closes: #948560).
 .
   [ Moritz Muehlenhoff  ]
   * Remove Suggests on python-gtk2/python-glade2, which is being removed.
Checksums-Sha1:
 240d4f043a58ca6a557561a43364f61ff57324cd 3363 twisted_18.9.0-8.dsc
 1919f66c3d525e6b0e94b07bf8a419c208d5270c 41776 twisted_18.9.0-8.debian.tar.xz
Checksums-Sha256:
 53083bd6a882bc1dc919b9fed4647c4d9d9356aea18cbdc5ec0de280dea09d3d 3363 twisted_18.9.0-8.dsc
 820329295f00727ed2aed992adc841c13adf8d54425bfbb04a37941d344fc9ba 41776 twisted_18.9.0-8.debian.tar.xz
Files:
 03a3587d903c592ad422874ee88eb66d 3363 python optional twisted_18.9.0-8.dsc
 1ada38febf5d794ac88ab24972d0fbf8 41776 python optional twisted_18.9.0-8.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAl55GOcACgkQXkCM2RzY
OdJcsQgAnxXh5rKU5z3CxC53cyEjWU13GejHoBpF2lod2N3e5TSC1mj1nSWkwNfU
xx2ETlI2NJe6rhb7vc9AyiXSLsx/02WgIwECrD5YTGfSaYppC3KcbhZJt//OpZw0
dEsKraD3IP9hNhVCLVq8pgfkp4jXJvMqZscg+lh5ssEQFqx6ldRJ1/JLXcPa8m04
KI0pPmMbCtLwZeBDz7a7LNIeAYoLuQAKWXenDjOj8UXWcOadyV380FD3WvAZj2fo
Pq9sreyNG9nwkniSEC7mDSYcUBYT60r3wH1A8Fcc+wYDsaoiLnW8ZetsBUemAtYw
2FoceS15SAQs6u78kflJ3AYzXt8MPw==
=1zEz
-----END PGP SIGNATURE-----
News for package twisted
