twisted - Debian Package Tracker

general

source: twisted (main)
version: 26.4.0-1
maintainer: Debian Python Team (DMD)
uploaders: Colin Watson [DMD] – Stefano Rivera [DMD]
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 20.3.0-7+deb11u1
o-o-sec: 20.3.0-7+deb11u2
oldstable: 22.4.0-4+deb12u1
old-sec: 22.4.0-4+deb12u1
stable: 24.11.0-1
testing: 25.5.0-5
unstable: 26.4.0-1

versioned links

20.3.0-7+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20.3.0-7+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
22.4.0-4+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
24.11.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
25.5.0-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
26.4.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python3-twisted
twisted-doc (1 bugs: 0, 0, 1, 0)

action needed

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-42304: Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previous loop-prevention logic, causing the single-threaded Twisted reactor to hang while processing millions of recursive lookups, effectively freezing the server. This vulnerability is fixed in 26.4.0rc2.

Created: 2026-05-11 Last update: 2026-06-08 11:00

debian/patches: 1 patch with invalid metadata, 9 patches to forward upstream high

Among the 14 debian patches available in version 26.4.0-1 of the package, we noticed the following issues:

1 patch with invalid metadata that ought to be fixed.
9 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2026-05-11 22:32

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 2-day delay is over. Check why.

Created: 2026-05-16 Last update: 2026-06-10 03:02

lintian reports 13 warnings normal

Lintian reports 13 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-05-12 Last update: 2026-05-12 05:01

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2026-42304: (needs triaging) Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previous loop-prevention logic, causing the single-threaded Twisted reactor to hang while processing millions of recursive lookups, effectively freezing the server. This vulnerability is fixed in 26.4.0rc2.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-05-11 Last update: 2026-06-08 11:00

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2026-42304: (needs triaging) Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previous loop-prevention logic, causing the single-threaded Twisted reactor to hang while processing millions of recursive lookups, effectively freezing the server. This vulnerability is fixed in 26.4.0rc2.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-05-11 Last update: 2026-06-08 11:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.2).

Created: 2025-12-23 Last update: 2026-05-11 18:02

testing migrations

excuses:
- Migration status for twisted (25.5.0-5 to 26.4.0-1): Will attempt migration (Any information below is purely informational)
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/t/twisted.html
- ∙ ∙ Autopkgtest for twisted/26.4.0-1: amd64: Pass, arm64: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Reproduced on amd64 - info
- ∙ ∙ Reproduced on arm64 - info
- ∙ ∙ Reproduced on armhf - info
- ∙ ∙ Reproduced on i386 - info
- ∙ ∙ Required age reduced by 3 days because of autopkgtest
- ∙ ∙ 30 days old (needed 2 days)

news

[rss feed]

[2026-05-11] Accepted twisted 26.4.0-1 (source) into unstable (Colin Watson)
[2025-12-16] twisted 25.5.0-5 MIGRATED to testing (Debian testing watch)
[2025-12-10] Accepted twisted 25.5.0-5 (source) into unstable (Colin Watson)
[2025-09-30] twisted 25.5.0-4 MIGRATED to testing (Debian testing watch)
[2025-09-27] Accepted twisted 25.5.0-4 (source) into unstable (Colin Watson)
[2025-09-25] Accepted twisted 25.5.0-3 (source) into unstable (Colin Watson)
[2025-09-23] twisted 25.5.0-2 MIGRATED to testing (Debian testing watch)
[2025-09-18] Accepted twisted 25.5.0-2 (source) into unstable (Colin Watson)
[2025-06-18] Accepted twisted 25.5.0-1 (source) into experimental (Colin Watson)
[2024-12-17] twisted 24.11.0-1 MIGRATED to testing (Debian testing watch)
[2024-12-02] Accepted twisted 24.11.0-1 (source) into unstable (Colin Watson)
[2024-11-28] Accepted twisted 20.3.0-7+deb11u2 (source) into oldstable-security (Sylvain Beucler)
[2024-11-22] Accepted twisted 24.10.0-2 (source) into unstable (Colin Watson)
[2024-10-28] Accepted twisted 24.10.0-1 (source) into unstable (Colin Watson)
[2024-10-26] Accepted twisted 22.4.0-4+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2024-10-25] Accepted twisted 22.4.0-4+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2024-09-23] twisted 24.7.0-3 MIGRATED to testing (Debian testing watch)
[2024-09-16] Accepted twisted 24.7.0-3 (source) into unstable (Colin Watson)
[2024-09-01] Accepted twisted 24.7.0-2 (source) into unstable (Colin Watson)
[2024-08-14] Accepted twisted 24.7.0-1 (source) into unstable (Colin Watson)
[2024-08-05] twisted 24.3.0-3 MIGRATED to testing (Debian testing watch)
[2024-08-02] Accepted twisted 24.3.0-3 (source) into unstable (Colin Watson)
[2024-06-27] twisted 24.3.0-2 MIGRATED to testing (Debian testing watch)
[2024-06-24] Accepted twisted 24.3.0-2 (source) into unstable (Florent 'Skia' Jacquet) (signed by: Colin Watson)
[2024-03-15] twisted 24.3.0-1 MIGRATED to testing (Debian testing watch)
[2024-03-04] Accepted twisted 24.3.0-1 (source) into unstable (Stefano Rivera)
[2023-12-30] twisted 23.10.0-2 MIGRATED to testing (Debian testing watch)
[2023-12-26] Accepted twisted 23.10.0-2 (source) into unstable (Stefano Rivera)
[2023-12-25] Accepted twisted 23.10.0-1 (source) into unstable (Stefano Rivera)
[2023-02-05] twisted 22.4.0-4 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 3
RC: 0
I&N: 2
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (0, 13)
buildd: logs, reproducibility
popcon
browse source code
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 25.5.0-5