FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
9fbaefb3-837e-11ea-b5b4-641c67a117d8 | py-twisted -- multiple vulnerabilities

Twisted developers report:

All HTTP clients in twisted.web.client now raise a ValueError when called with a method and/or URL that contain invalid characters. This mitigates CVE-2019-12387. Thanks to Alex Brasetvik for reporting this vulnerability.

The HTTP/2 server implementation now enforces TCP flow control on control frame messages and times out clients that send invalid data without reading responses. This closes CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Thanks to Jonathan Looney and Piotr Sikora.

twisted.web.http was subject to several request smuggling attacks. Requests with multiple Content-Length headers were allowed (CVE-2020-10108, thanks to Jake Miller from Bishop Fox and ZeddYu Lu for reporting this) and now fail with a 400; requests with a Content-Length header and a Transfer-Encoding header honored the first header (CVE-2020-10109, thanks to Jake Miller from Bishop Fox for reporting this) and now fail with a 400; requests whose Transfer-Encoding header had a value other than "chunked" and "identity" (thanks to ZeddYu Lu) were allowed and now fail with a 400.


Discovery: 2019-03-01
Entry: 2020-04-21
Affected packages (versions < 20.3.0):
py27-twisted
py35-twisted
py36-twisted
py37-twisted
py38-twisted

ports/245252
https://github.com/twisted/twisted/blob/twisted-20.3.0/NEWS.rst
CVE-2019-12387
CVE-2019-9512
CVE-2019-9514
CVE-2019-9515
CVE-2020-10108
CVE-2020-10109
24049967-88ec-11ec-88f5-901b0e934d69 | py-twisted -- cookie and authorization headers are leaked when following cross-origin redirects

Twisted developers report:

Cookie and Authorization headers are leaked when following cross-origin redirects in twisted.web.client.RedirectAgent and twisted.web.client.BrowserLikeRedirectAgent.


Discovery: 2022-02-07
Entry: 2022-02-13
Affected packages (versions < 22.1.0):
py37-twisted
py38-twisted
py39-twisted
py310-twisted

https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx