-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : twisted Version : 14.0.2-3+deb8u2 CVE IDs : CVE-2020-10108 CVE-2020-10109 Debian Bug : #953950
It was discovered that there were was a regression introduced in DLA-2145-1 due to the incorrect application of the upstream patch for CVE-2020-10108 & CVE-2020-10109 regarding a number of HTTP request splitting vulnerabilities in Twisted, an Python event-based framework for building various types of internet applications. Thanks to Etienne Allovon for the detailed report. For Debian 8 "Jessie", these issues have been fixed in twisted version 14.0.2-3+deb8u2. We recommend that you upgrade your twisted packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Regards, - -- ,''`. : :' : Chris Lamb `. `'` [email protected] / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl5zp/AACgkQHpU+J9Qx HljCKQ//cday9qW1xxNwI/W4RPjVoQDtAf3DYsoahCxqJf4ontA6JdQ3esEQq1y9 kQQOBw3uK9D8c3e6OnDfa98RmnQ4R2owwF9PpVJiOtC918IngXvqvLJ7qgw/ZyxR iBXo6VYGoaFyTTs7upME/Kxrd2ZJ+p/knQ5ikKxek4FibiPlP73HDWZjnZJSmIqX UYmeHHywRgc3bZjOXdtQFRY96Wh8DR8teO/GcU1QpbWiKYu8yAajzdj4Y9qgBS5l qNkKqbSm49XwkkObxRgK40QU7lh6hp0BohE/+fXZhO0lTO9JowKeYh/LHGUfJv5j ikOGz8YtAmnzytK8H6FGZlkKfa+CPehvaGZ8txkFm7Z1yv96Ixb83ToM9J8OGvbI D0dI8o/SrWTCP21g/4NYLzCnObquaizjyXHBZDCZ1uYuJD0BuWkMmOV1+PoMRusp abNL//RV3ujNUxU/6iX3bUX/WBhxDVdttcBg1u69JiiZ7wut73J1OYZMO94V7Uyd dUO+ZcMEaNJifl6L+OGiLc13MUVrPaVwDOh5KC6xrD4IU99aR7GtjOOjbmA8izXi 3uboMJwEayYE+xpVq9PsYD/u86rUASMGG7qCYq6nWz32rAmtS3ls7bBjwupo5HPf 1/5DYSuG/3M02S/Hm3VrZqTVFbjx7vemzLWznGEgyH7ZsoV89zY= =n9Mt -----END PGP SIGNATURE-----
