Lucene search

DebianDEBIAN:DLA-2145-1:88507

HistoryMar 17, 2020 - 6:03 p.m.

[SECURITY] [DLA 2145-1] twisted security update

2020-03-1718:03:22

lists.debian.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.6%

JSON

Package : twisted
Version : 14.0.2-3+deb8u1
CVE IDs : CVE-2020-10108 CVE-2020-10109
Debian Bug : #953950

It was discovered that there were a number of HTTP request splitting
vulnerabilities in Twisted, an Python event-based framework for
building various types of internet applications.

For more information, please see:

https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR

For Debian 8 "Jessie", these issues have been fixed in twisted
version 14.0.2-3+deb8u1.

We recommend that you upgrade your twisted packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian8alltwisted< 14.0.2-3+deb8u1twisted_14.0.2-3+deb8u1_all.deb
Debian8armhfpython-twisted-runner< 14.0.2-3+deb8u1python-twisted-runner_14.0.2-3+deb8u1_armhf.deb
Debian8allpython-twisted-names< 14.0.2-3+deb8u1python-twisted-names_14.0.2-3+deb8u1_all.deb
Debian8allpython-twisted-words< 14.0.2-3+deb8u1python-twisted-words_14.0.2-3+deb8u1_all.deb
Debian8i386python-twisted-runner-dbg< 14.0.2-3+deb8u1python-twisted-runner-dbg_14.0.2-3+deb8u1_i386.deb
Debian8amd64python-twisted-bin-dbg< 14.0.2-3+deb8u1python-twisted-bin-dbg_14.0.2-3+deb8u1_amd64.deb
Debian8allpython-twisted-core< 14.0.2-3+deb8u1python-twisted-core_14.0.2-3+deb8u1_all.deb
Debian8armhfpython-twisted-bin< 14.0.2-3+deb8u1python-twisted-bin_14.0.2-3+deb8u1_armhf.deb
Debian8armelpython-twisted-bin< 14.0.2-3+deb8u1python-twisted-bin_14.0.2-3+deb8u1_armel.deb
Debian8armelpython-twisted-bin-dbg< 14.0.2-3+deb8u1python-twisted-bin-dbg_14.0.2-3+deb8u1_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	all	twisted	< 14.0.2-3+deb8u1	twisted_14.0.2-3+deb8u1_all.deb
Debian	8	armhf	python-twisted-runner	< 14.0.2-3+deb8u1	python-twisted-runner_14.0.2-3+deb8u1_armhf.deb
Debian	8	all	python-twisted-names	< 14.0.2-3+deb8u1	python-twisted-names_14.0.2-3+deb8u1_all.deb
Debian	8	all	python-twisted-words	< 14.0.2-3+deb8u1	python-twisted-words_14.0.2-3+deb8u1_all.deb
Debian	8	i386	python-twisted-runner-dbg	< 14.0.2-3+deb8u1	python-twisted-runner-dbg_14.0.2-3+deb8u1_i386.deb
Debian	8	amd64	python-twisted-bin-dbg	< 14.0.2-3+deb8u1	python-twisted-bin-dbg_14.0.2-3+deb8u1_amd64.deb
Debian	8	all	python-twisted-core	< 14.0.2-3+deb8u1	python-twisted-core_14.0.2-3+deb8u1_all.deb
Debian	8	armhf	python-twisted-bin	< 14.0.2-3+deb8u1	python-twisted-bin_14.0.2-3+deb8u1_armhf.deb
Debian	8	armel	python-twisted-bin	< 14.0.2-3+deb8u1	python-twisted-bin_14.0.2-3+deb8u1_armel.deb
Debian	8	armel	python-twisted-bin-dbg	< 14.0.2-3+deb8u1	python-twisted-bin-dbg_14.0.2-3+deb8u1_armel.deb