linux/meta-openembedded.git/meta-python/recipes-devtools/python/python3-twisted, branch kirkstone

python3-twisted: patch CVE-2022-24801

2026-01-20T17:22:07+00:00

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-24801 Pick the commits from the pull request that is referenced by the NVD report. (The full set is consisting of 13 patches, but the ones that only updated news/readme/typo fixes in comments were not backported) Signed-off-by: Gyorgy Sarvari

python3-twisted: Fix CVE-2023-46137

2025-09-18T07:53:56+00:00

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue. References: https://nvd.nist.gov/vuln/detail/CVE-2023-46137 https://security-tracker.debian.org/tracker/CVE-2023-46137 Upstream patch: https://github.com/twisted/twisted/commit/1e6e9d23cac59689760558dcb6634285e694b04c Signed-off-by: Soumya Sambu Signed-off-by: Gyorgy Sarvari

python3-twisted: Fix CVE-2024-41810

2025-09-18T07:53:18+00:00

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-41810 Upstream patch: https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33 Signed-off-by: Soumya Sambu Signed-off-by: Gyorgy Sarvari

python3-twisted: Fix CVE-2024-41671

2025-05-25T18:48:44+00:00

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1. References: https://nvd.nist.gov/vuln/detail/CVE-2024-41671 https://ubuntu.com/security/CVE-2024-41671 Upstream patches: https://github.com/twisted/twisted/commit/f1cb4e616e9f23b4dd044a6db44365060950c64f https://github.com/twisted/twisted/commit/ef2c755e9e9d57d58132af790bd2fd2b957b3fb1 Signed-off-by: Soumya Sambu Signed-off-by: Armin Kuster

python3-twisted: Upgrade 19.10.0 -> 20.3.0

2020-06-14T04:34:21+00:00

Upgrade to release 20.3.0. The year in file LICENSE has been updated but the project remains available under MIT license. The patch for test_runner.py is no longer needed because the same fix has been already applied in the upstream. The new release bring the following improvements: - Bugfixes - Improved documentation - twisted.news is deprecated - twisted.conch.ssh now supports the curve25519-sha256 key exchange algorithm - twisted.conch.ssh.keys can now write private keys in the new "openssh-key-v1" format, introduced in OpenSSH 6.5 and made the default in OpenSSH 7.8. ckeygen has a corresponding new --private-key-subtype=v1 option. Signed-off-by: Leon Anavi Acked-by: Trevor Gamblin Signed-off-by: Khem Raj

python3-twisted: Consolidate in a single file

2020-06-14T04:34:21+00:00

Consolidate inc and bb files into a single bb file. Signed-off-by: Leon Anavi Acked-by: Trevor Gamblin Signed-off-by: Khem Raj

python-twisted: update version to 17.5.0

2017-09-22T22:50:46+00:00

Signed-off-by: Derek Straka Signed-off-by: Martin Jansa

python3-twisted: Fix build with clang

2017-08-13T11:21:01+00:00

Signed-off-by: Khem Raj Signed-off-by: Martin Jansa