Debian Package Tracker

general

source: twisted (main)
version: 18.9.0-11
maintainer: Debian Python Modules Team (archive) (DMD)
uploaders: Matthias Klose [DMD]
arch: all any
std-ver: 4.4.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 14.0.2-3
o-o-sec: 14.0.2-3+deb8u2
oldstable: 16.6.0-2
old-bpo: 18.7.0-2~bpo9+2
stable: 18.9.0-3
stable-bpo: 18.9.0-8~bpo10+1
testing: 18.9.0-11
unstable: 18.9.0-11
exp: 20.3.0-1

versioned links

14.0.2-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
14.0.2-3+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
16.6.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
18.7.0-2~bpo9+2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
18.9.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
18.9.0-8~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
18.9.0-11: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20.3.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python3-twisted
python3-twisted-bin
python3-twisted-bin-dbg
twisted-doc (1 bugs: 0, 0, 1, 0)

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:03:48
Last run: 2020-05-19 17:18:08 UTC
Previous status: fail

testing: fail (log)
The tests ran in 0:03:30
Last run: 2020-05-30 00:22:35 UTC
Previous status: fail

Created: 2019-03-09 Last update: 2020-06-02 03:11

A new upstream version is available: 20.3.0 high

A new upstream version 20.3.0 is available, you should consider packaging it.

Created: 2019-11-08 Last update: 2020-06-02 02:02

The VCS repository is not up to date, push the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits and/or your tags, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2019-02-20 Last update: 2020-05-30 13:35

lintian reports 6 errors and 18 warnings high

Lintian reports 6 errors and 18 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-05-21 Last update: 2020-05-21 00:09

Depends on packages which need a new maintainer normal

The packages that twisted depends on which need a new maintainer are:

zope.interface (#948811)
- Build-Depends: python3-zope.interface
- Depends: python3-zope.interface python3-zope.interface-dbg

Created: 2020-01-13 Last update: 2020-06-02 00:40

4 ignored security issues in buster low

There are 4 open security issues in buster.

4 issues skipped by the security teams:

CVE-2019-12387: In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
CVE-2019-12855: In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
CVE-2020-10108: In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
CVE-2020-10109: In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.

Please fix them.

Created: 2019-06-11 Last update: 2020-04-12 07:21

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2019-12387: In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
CVE-2019-12855: In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

Please fix them.

Created: 2019-06-11 Last update: 2020-04-12 07:21

4 ignored security issues in stretch low

There are 4 open security issues in stretch.

4 issues skipped by the security teams:

CVE-2019-12387: In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
CVE-2019-12855: In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
CVE-2020-10108: In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
CVE-2020-10109: In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.

Please fix them.

Created: 2019-06-11 Last update: 2020-04-12 07:21

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.4.1).

Created: 2020-01-21 Last update: 2020-04-02 07:05

news

[rss feed]

[2020-04-12] twisted 18.9.0-11 MIGRATED to testing (Debian testing watch)
[2020-04-02] twisted 18.9.0-10 MIGRATED to testing (Debian testing watch)
[2020-04-02] Accepted twisted 18.9.0-11 (source) into unstable (Sandro Tosi)
[2020-03-30] Accepted twisted 18.9.0-8~bpo10+1 (all amd64 source) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Andrew Shadura)
[2020-03-27] Accepted twisted 18.9.0-10 (source) into unstable (Andrej Shadura) (signed by: Andrew Shadura)
[2020-03-26] Accepted twisted 18.9.0-9 (source) into unstable (Andrej Shadura) (signed by: Andrew Shadura)
[2020-03-26] twisted 18.9.0-8 MIGRATED to testing (Debian testing watch)
[2020-03-23] Accepted twisted 20.3.0-1 (source) into experimental (Andrej Shadura) (signed by: Andrew Shadura)
[2020-03-23] Accepted twisted 18.9.0-8 (source) into unstable (Andrej Shadura) (signed by: Andrew Shadura)
[2020-03-23] Accepted twisted 18.9.0-7 (source) into unstable (Andrej Shadura) (signed by: Andrew Shadura)
[2020-03-19] Accepted twisted 14.0.2-3+deb8u2 (source all amd64) into oldoldstable (Chris Lamb)
[2020-03-17] Accepted twisted 14.0.2-3+deb8u1 (source all amd64) into oldoldstable (Chris Lamb)
[2020-03-03] twisted 18.9.0-6 MIGRATED to testing (Debian testing watch)
[2020-01-09] Accepted twisted 18.9.0-6 (source) into unstable (Matthias Klose)
[2019-11-07] Accepted twisted 18.9.0-5 (source) into unstable (Balint Reczey)
[2019-10-27] Accepted twisted 19.10.0~rc1-1 (source) into experimental (Matthias Klose)
[2019-10-19] Accepted twisted 18.9.0-4 (source) into unstable (Matthias Klose)
[2019-01-20] Accepted twisted 18.7.0-2~bpo9+2 (all amd64 source) into stretch-backports (Andrej Shadura)
[2018-12-10] twisted 18.9.0-3 MIGRATED to testing (Debian testing watch)
[2018-12-07] Accepted twisted 18.9.0-3 (source) into unstable (Balint Reczey)
[2018-12-06] Accepted twisted 18.9.0-2 (source) into unstable (Balint Reczey)
[2018-12-05] Accepted twisted 18.9.0-1 (source) into unstable (Balint Reczey)
[2018-10-05] twisted 18.7.0-3 MIGRATED to testing (Debian testing watch)
[2018-10-02] Accepted twisted 18.7.0-3 (source) into unstable (Mattia Rizzolo)
[2018-09-29] Accepted twisted 18.7.0-2~bpo9+1 (source) into stretch-backports (Andrej Shadura)
[2018-09-29] Accepted twisted 18.4.0-2~bpo9+2 (source) into stretch-backports (Andrej Shadura)
[2018-09-12] Accepted twisted 18.4.0-2~bpo9+1 (source amd64 all) into stretch-backports, stretch-backports (Andrej Shadura)
[2018-08-30] twisted 18.7.0-2 MIGRATED to testing (Debian testing watch)
[2018-08-14] Accepted twisted 18.7.0-2 (source) into unstable (Matthias Klose)
[2018-08-14] Accepted twisted 18.7.0-1 (source) into unstable (Matthias Klose)

bugs [bug history graph]

all: 11
RC: 0
I&N: 10
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (6, 18)
buildd: logs, exp, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 18.9.0-11
24 bugs (1 patch)