UbuntuUpdates.org

Package "python3-twisted"

Name: python3-twisted

Description:

Event-based framework for internet applications
Latest version: 22.1.0-2ubuntu2.7
Release: jammy (22.04)
Level: security
Repository: main
Head package: twisted
Homepage: https://twistedmatrix.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "python3-twisted"

All arch deb package
APT INSTALL

Other versions of "python3-twisted" in Jammy

Repository Area Version
base main 22.1.0-2ubuntu2
updates main 22.1.0-2ubuntu2.7

Changelog

Version: 22.1.0-2ubuntu2.7 2026-06-03 18:07:33 UTC

  twisted (22.1.0-2ubuntu2.7) jammy-security; urgency=medium

  * SECURITY UPDATE: DNS name decompression denial of service
    - debian/patches/CVE-2026-42304-1.patch: fix denial of service in
      twisted.names mitigation in src/twisted/names/dns.py,
      src/twisted/names/test/test_dns.py.
    - debian/patches/CVE-2026-42304-2.patch: Update src/twisted/names/dns.py.
    - debian/patches/CVE-2026-42304-3.patch: Update
      src/twisted/names/test/test_dns.py.
    - debian/patches/CVE-2026-42304-4.patch: names: Refactor DNS compression
      mitigation in src/twisted/names/dns.py,
      src/twisted/names/newsfragments/12626.bugfix,
      src/twisted/names/test/test_dns.py.
    - debian/patches/CVE-2026-42304-5.patch: names: fix changes in
      src/twisted/names/dns.py, src/twisted/names/test/test_dns.py.
    - debian/patches/CVE-2026-42304-6.patch: Update
      src/twisted/names/newsfragments/12626.bugfix.
    - CVE-2026-42304

 -- Marc Deslauriers <email address hidden> Fri, 22 May 2026 11:02:45 -0400
Source diff to previous version
CVE-2026-42304 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to

Version: 22.1.0-2ubuntu2.6 2024-11-26 21:06:53 UTC

  twisted (22.1.0-2ubuntu2.6) jammy-security; urgency=medium

  * SECURITY UPDATE: Out-of-order HTTP request processing.
    - debian/patches/CVE-2024-41671-*.patch: Move self.allContentReceived()
      after self._dataBuffer.append(data) in src/twisted/web/http.py. Add
      tests.
    - CVE-2024-41671

 -- Hlib Korzhynskyy <email address hidden> Fri, 22 Nov 2024 14:19:41 -0330
Source diff to previous version
CVE-2024-41671 Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could proc

Version: 22.1.0-2ubuntu2.5 2024-09-04 10:07:03 UTC

  twisted (22.1.0-2ubuntu2.5) jammy-security; urgency=medium

  * SECURITY UPDATE: HTML injection in HTTP redirect body
    - debian/patches/CVE-2024-41810-*.patch: added output
      encoding in redirect HTML
    - CVE-2024-41810

 -- Nick Galanis <email address hidden> Tue, 27 Aug 2024 11:14:59 +0300
Source diff to previous version
CVE-2024-41810 Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML in

Version: 22.1.0-2ubuntu2.4 2024-01-10 15:10:11 UTC

  twisted (22.1.0-2ubuntu2.4) jammy-security; urgency=medium

  * SECURITY UPDATE: script injection via unescaped 404 response
    - debian/patches/CVE-2022-39348.patch: fix NameVirtualHost HTML
      injection vulnerability.
    - CVE-2022-39348
  * SECURITY UPDATE: Disordered HTTP pipeline response in twisted.web
    - debian/patches/CVE-2023-46137-*.patch: handle requests in raw mode.
    - CVE-2023-46137

 -- Marc Deslauriers <email address hidden> Mon, 04 Dec 2023 08:17:10 -0500
Source diff to previous version
CVE-2022-39348 Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twi
CVE-2023-46137 Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, tw

Version: 22.1.0-2ubuntu2.3 2022-08-23 14:06:18 UTC

  twisted (22.1.0-2ubuntu2.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Parsing of HTTP request headers was found to be
    not fully compliant with RFC 7230 specifications, which could
    result in HTTP request smuggling for certain multi-server
    configurations
    - debian/patches/CVE-2022-24801-*.patch: Ensure only permitted characters
      are present in Content-Length headers, improve parsing of Chunk Length
      values and fix stripping of whitespace in HTTP headers in
      src/twisted/web/http.py and src/twisted/web/test/test_http.py
    - CVE-2022-24801

 -- Ray Veldkamp <email address hidden> Thu, 11 Aug 2022 12:24:30 +1000
CVE-2022-24801 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, l


About   -   Send Feedback to @ubuntu_updates