From 12d4f40a4a5881d2e26741fbed672fd841f557f5 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Wed, 14 Jan 2026 08:34:35 +0100 Subject: python3-twisted: patch CVE-2022-24801 Details: https://nvd.nist.gov/vuln/detail/CVE-2022-24801 Pick the commits from the pull request that is referenced by the NVD report. (The full set is consisting of 13 patches, but the ones that only updated news/readme/typo fixes in comments were not backported) Signed-off-by: Gyorgy Sarvari --- .../python/python3-twisted/CVE-2022-24801-7.patch | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-7.patch (limited to 'meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-7.patch') diff --git a/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-7.patch b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-7.patch new file mode 100644 index 0000000000..3fb4f432b4 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-7.patch @@ -0,0 +1,27 @@ +From a2fd35cf03bd3a847fd47a6f1a812e359c2dafda Mon Sep 17 00:00:00 2001 +From: Tom Most +Date: Sun, 13 Mar 2022 23:57:23 -0700 +Subject: [PATCH] Remove unreachable branch + +Upstream-Status: Backport [https://github.com/twisted/twisted/commit/696bfeaf5a1fa7ff952f860c89e2bdcfacef7d7a] +CVE: CVE-2022-24801 +Signed-off-by: Gyorgy Sarvari +--- + src/twisted/web/http.py | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/src/twisted/web/http.py b/src/twisted/web/http.py +index 940ff9f..ea77f57 100644 +--- a/src/twisted/web/http.py ++++ b/src/twisted/web/http.py +@@ -1915,9 +1915,7 @@ class _ChunkedTransferDecoder: + except ValueError: + raise _MalformedChunkedDataError("Chunk-size must be an integer.") + +- if length < 0: +- raise _MalformedChunkedDataError("Chunk-size must not be negative.") +- elif length == 0: ++ if length == 0: + self.state = "TRAILER" + else: + self.state = "BODY" -- cgit v1.2.3-54-g00ecf