Univention Bugzilla – Bug 54471
twisted: Multiple issues (4.4)
Last modified: 2022-02-23 17:06:53 CET
New Debian twisted 16.6.0-2+deb9u1 fixes:
This update addresses the following issues:
* HTTP request smuggling when presented with two Content-Length headers (CVE-2020-10108)
* HTTP request smuggling when presented with a Content-Length and a chunked Transfer-Encoding header (CVE-2020-10109)
* secret exposure in cross-origin redirects (CVE-2022-21712)
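As an added example that is not part of this bug or of the Debian/Twisted patch, the following Python shows the defensive side of the three issues: the RFC 7230 section 3.3.3 framing rules that reject the two ambiguous header combinations (duplicate Content-Length, Content-Length together with Transfer-Encoding) instead of silently picking one, and the origin comparison that keeps Cookie and Authorization headers from being forwarded to another host on redirect. Function names and the sample requests are assumptions constructed for illustration.

```python
# Added example, not part of the Univention bug or the Debian/Twisted patch.
# framing_error() applies the RFC 7230 section 3.3.3 rules that make the two
# header combinations behind CVE-2020-10108/10109 unambiguous by rejecting
# them; headers_for_redirect() applies the origin check relevant to
# CVE-2022-21712. Function names and sample requests are constructed.
from urllib.parse import urlsplit


def framing_error(header_lines):
    """Return a rejection reason for ambiguous body framing, or None.

    header_lines is a list of "Name: value" strings from one request."""
    content_lengths = []
    transfer_encodings = []
    for line in header_lines:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name == "content-length":
            # A single header may also carry a comma-separated list.
            content_lengths.extend(v.strip() for v in value.split(","))
        elif name == "transfer-encoding":
            transfer_encodings.append(value.strip().lower())
    if content_lengths and transfer_encodings:
        # CVE-2020-10109: letting Content-Length win over chunked framing makes
        # a chunked-aware front end and this server disagree on where the body ends.
        return "Content-Length and Transfer-Encoding both present"
    if len(set(content_lengths)) > 1:
        # CVE-2020-10108: silently using the last value turns the ignored
        # first header into a desync vector; differing values are an error.
        return "conflicting Content-Length values: " + ", ".join(content_lengths)
    if any(not v.isdigit() for v in content_lengths):
        return "non-numeric Content-Length"
    return None


# Headers that carry credentials and must not follow a cross-origin redirect.
SENSITIVE = ("cookie", "authorization", "proxy-authorization")


def headers_for_redirect(from_url, to_url, headers):
    """Return the headers to send to to_url, minus credentials if the
    redirect leaves the origin (scheme, host, port) of from_url."""
    def origin(url):
        u = urlsplit(url)
        default = {"http": 80, "https": 443}.get(u.scheme.lower())
        return (u.scheme.lower(), u.hostname, u.port or default)
    if origin(from_url) == origin(to_url):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in SENSITIVE}
```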
--- mirror/ftp/4.3/unmaintained/4.3-0/source/twisted_16.6.0-2.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/twisted_16.6.0-2+deb9u1.dsc @@ -1,3 +1,19 @@ +16.6.0-2+deb9u1 [Sat, 19 Feb 2022 16:03:45 +0100] Sylvain Beucler <beuc@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * CVE-2020-10108: HTTP request splitting vulnerability. When presented + with two content-length headers, it ignored the first header. When the + second content-length value was set to zero, the request body was + interpreted as a pipelined request. + * CVE-2020-10109: HTTP request splitting vulnerability. When presented + with a content-length and a chunked encoding header, the + content-length took precedence and the remainder of the request body + was interpreted as a pipelined request. + * CVE-2022-21712: twisted exposes cookies and authorization headers when + following cross-origin redirects. This issue is present in the + `twisted.web.RedirectAgent` and `twisted.web.BrowserLikeRedirectAgent` + functions. + 16.6.0-2 [Sat, 10 Dec 2016 08:16:41 +0000] Free Ekanayaka <freee@debian.org>: * Make /usr/share/doc/python-twisted-runner-dbg a <http://piuparts.knut.univention.de/4.4-8/#3086686915184871952>
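Review bot: the three CVE entries in this changelog hunk describe only the pre-fix behaviour (which Content-Length header was ignored, which header took precedence, which headers leaked on redirect) and say nothing about what the package does with such requests or redirects after the update; one line per entry stating the new behaviour would make the changelog usable when verifying the backport. Also, the bug summary calls CVE-2020-10108 and CVE-2020-10109 "HTTP request smuggling" while the entries say "HTTP request splitting"; using one term throughout would ease cross-referencing between the bug, the changelog and the erratum text.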
OK: yaml OK: announce_errata OK: patch OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x1180>