ELA-896-1 twisted security update

multiple vulnerabilities

2023-07-22
Package: twisted
Version: 14.0.2-3+deb8u6 (jessie), 16.6.0-2+deb9u4 (stretch)
Related CVEs: CVE-2019-12387, CVE-2019-12855, CVE-2022-39348


Multiple vulnerabilities were discovered in Twisted, an event-based framework for internet applications written in Python. An attacker may be able to perform request smuggling, Man-In-The-Middle (MITM) interception of communications, and cross-site scripting (XSS).



For Debian 8 jessie, these problems have been fixed in version 14.0.2-3+deb8u6.

For Debian 9 stretch, these problems have been fixed in version 16.6.0-2+deb9u4.

We recommend that you upgrade your twisted packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.