Debian 10261 Published by

A twisted security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue where Twisted exposes cookies and authorization headers when following cross-origin redirects.



ELA-566-1 twisted security update

Package twisted
Version 14.0.2-3+deb8u3
Related CVEs CVE-2022-21712

It was discovered that Twisted, a Python event-based framework for internet applications, exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the twisted.web.RedirectAgent and twisted.web.BrowserLikeRedirectAgent functions.

For Debian 8 jessie, these problems have been fixed in version 14.0.2-3+deb8u3.

We recommend that you upgrade your twisted packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-566-1 twisted security update