From 12d4f40a4a5881d2e26741fbed672fd841f557f5 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Wed, 14 Jan 2026 08:34:35 +0100 Subject: python3-twisted: patch CVE-2022-24801 Details: https://nvd.nist.gov/vuln/detail/CVE-2022-24801 Pick the commits from the pull request that is referenced by the NVD report. (The full set is consisting of 13 patches, but the ones that only updated news/readme/typo fixes in comments were not backported) Signed-off-by: Gyorgy Sarvari --- .../python/python3-twisted/CVE-2022-24801-3.patch | 25 ++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-3.patch (limited to 'meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-3.patch') diff --git a/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-3.patch b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-3.patch new file mode 100644 index 0000000000..5a9a287986 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-3.patch @@ -0,0 +1,25 @@ +From 5897923d523b357f93eb844e386bcc52c5490cdc Mon Sep 17 00:00:00 2001 +From: Tom Most +Date: Mon, 7 Mar 2022 00:03:50 -0800 +Subject: [PATCH] Strip only spaces and tabs from header values + +Upstream-Status: Backport [https://github.com/twisted/twisted/commit/c3a4e1d015740c1d87a3ec7d57570257e75b0062] +CVE: CVE-2022-24801 +Signed-off-by: Gyorgy Sarvari +--- + src/twisted/web/http.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/twisted/web/http.py b/src/twisted/web/http.py +index 5491953..262da0b 100644 +--- a/src/twisted/web/http.py ++++ b/src/twisted/web/http.py +@@ -2327,7 +2327,7 @@ class HTTPChannel(basic.LineReceiver, policies.TimeoutMixin): + return False + + header = header.lower() +- data = data.strip() ++ data = data.strip(b" \t") + + if not self._maybeChooseTransferDecoder(header, data): + return False -- cgit v1.2.3-54-g00ecf