svn commit: r532266 - head/security/vuxml
Danilo G. Baio
dbaio at FreeBSD.org
Tue Apr 21 12:25:02 UTC 2020
Author: dbaio
Date: Tue Apr 21 12:25:01 2020
New Revision: 532266
URL: https://svnweb.freebsd.org/changeset/ports/532266
Log:
security/vuxml: Document devel/py-twisted vulnerabilities
PR: 245252
Submitted by: Sascha Biberhofer <ports at skyforge.at>
Reported by: contact at evilham.com
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Apr 21 12:05:23 2020 (r532265)
+++ head/security/vuxml/vuln.xml Tue Apr 21 12:25:01 2020 (r532266)
@@ -58,6 +58,59 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="9fbaefb3-837e-11ea-b5b4-641c67a117d8">
+ <topic>py-twisted -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>py27-twisted</name>
+ <name>py35-twisted</name>
+ <name>py36-twisted</name>
+ <name>py37-twisted</name>
+ <name>py38-twisted</name>
+ <range><lt>20.3.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Twisted developers reports:</p>
+ <blockquote cite="https://github.com/twisted/twisted/blob/twisted-20.3.0/NEWS.rst">
+ <p>All HTTP clients in twisted.web.client now raise a ValueError when
+ called with a method and/or URL that contain invalid characters. This
+ mitigates CVE-2019-12387. Thanks to Alex Brasetvik for reporting this
+ vulnerability.</p>
+ <p>The HTTP/2 server implementation now enforces TCP flow control on
+ control frame messages and times out clients that send invalid data
+ without reading responses. This closes CVE-2019-9512 (Ping Flood),
+ CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Thanks
+ to Jonathan Looney and Piotr Sikora.</p>
+ <p>twisted.web.http was subject to several request smuggling attacks.
+ Requests with multiple Content-Length headers were allowed
+ (CVE-2020-10108, thanks to Jake Miller from Bishop Fox and ZeddYu Lu
+ for reporting this) and now fail with a 400; requests with a
+ Content-Length header and a Transfer-Encoding header honored the first
+ header (CVE-2020-10109, thanks to Jake Miller from Bishop Fox for
+ reporting this) and now fail with a 400; requests whose
+ Transfer-Encoding header had a value other than "chunked" and
+ "identity" (thanks to ZeddYu Lu) were allowed and now fail with a 400.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/twisted/twisted/blob/twisted-20.3.0/NEWS.rst</url>
+ <cvename>CVE-2019-12387</cvename>
+ <cvename>CVE-2019-9512</cvename>
+ <cvename>CVE-2019-9514</cvename>
+ <cvename>CVE-2019-9515</cvename>
+ <cvename>CVE-2020-10108</cvename>
+ <cvename>CVE-2020-10109</cvename>
+ <freebsdpr>ports/245252</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2019-03-01</discovery>
+ <entry>2020-04-21</entry>
+ </dates>
+ </vuln>
+
<vuln vid="3d7dfd63-823b-11ea-b3a8-240a644dd835">
<topic>Client/server denial of service when handling AES-CTR ciphers</topic>
<affects>
More information about the svn-ports-all
mailing list