Debian 10261 Published by

A twisted security update has been released for Debian GNU/Linux 8 Extended LTS to address a HTTP request smuggling issue.



ELA-604-1 twisted security update

Package twisted
Version 14.0.2-3+deb8u5
Related CVEs CVE-2022-24801

Twisted is an event-based Python framework for internet applications. The Twisted Web HTTP 1.1 server parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling.

For Debian 8 jessie, these problems have been fixed in version 14.0.2-3+deb8u5.

We recommend that you upgrade your twisted packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-604-1 twisted security update