UbuntuUpdates.org

Package "twisted"

Name: twisted

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Event-based framework for internet applications
  • Official documentation of Twisted
Latest version: 24.3.0-1ubuntu0.2
Release: noble (24.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "twisted" in Noble

Repository Area Version
base main 24.3.0-1
updates main 24.3.0-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 24.3.0-1ubuntu0.2 2026-06-03 18:07:40 UTC

  twisted (24.3.0-1ubuntu0.2) noble-security; urgency=medium

  * SECURITY UPDATE: DNS name decompression denial of service
    - debian/patches/CVE-2026-42304-1.patch: fix denial of service in
      twisted.names mitigation in src/twisted/names/dns.py,
      src/twisted/names/test/test_dns.py.
    - debian/patches/CVE-2026-42304-2.patch: Update src/twisted/names/dns.py.
    - debian/patches/CVE-2026-42304-3.patch: Update
      src/twisted/names/test/test_dns.py.
    - debian/patches/CVE-2026-42304-4.patch: names: Refactor DNS compression
      mitigation in src/twisted/names/dns.py,
      src/twisted/names/newsfragments/12626.bugfix,
      src/twisted/names/test/test_dns.py.
    - debian/patches/CVE-2026-42304-5.patch: names: fix changes in
      src/twisted/names/dns.py, src/twisted/names/test/test_dns.py.
    - debian/patches/CVE-2026-42304-6.patch: Update
      src/twisted/names/newsfragments/12626.bugfix.
    - CVE-2026-42304

 -- Marc Deslauriers <email address hidden> Fri, 22 May 2026 10:58:09 -0400
Source diff to previous version
CVE-2026-42304 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to

Version: 24.3.0-1ubuntu0.1 2024-09-04 10:07:04 UTC

  twisted (24.3.0-1ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: Information disclosure by processing
    pipelined HTTP requests out-of-order
    - debian/patches/CVE-2024-41671-*.patch: Correct processing
      of HTTP requests
    - CVE-2024-41671
  * SECURITY UPDATE: HTML injection in HTTP redirect body
    - debian/patches/CVE-2024-41810-*.patch: added output
      encoding in redirect HTML
    - CVE-2024-41810

 -- Nick Galanis <email address hidden> Tue, 27 Aug 2024 13:30:39 +0300
CVE-2024-41671 Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could proc
CVE-2024-41810 Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML in


About   -   Send Feedback to @ubuntu_updates