From 12d4f40a4a5881d2e26741fbed672fd841f557f5 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Wed, 14 Jan 2026 08:34:35 +0100 Subject: python3-twisted: patch CVE-2022-24801 Details: https://nvd.nist.gov/vuln/detail/CVE-2022-24801 Pick the commits from the pull request that is referenced by the NVD report. (The full set is consisting of 13 patches, but the ones that only updated news/readme/typo fixes in comments were not backported) Signed-off-by: Gyorgy Sarvari --- .../python/python3-twisted/CVE-2022-24801-9.patch | 25 ++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-9.patch (limited to 'meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-9.patch') diff --git a/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-9.patch b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-9.patch new file mode 100644 index 0000000000..e49afde74b --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-9.patch @@ -0,0 +1,25 @@ +From 349771026e1eb80cab7a19ceb8b80aa6d1bb3184 Mon Sep 17 00:00:00 2001 +From: Tom Most +Date: Fri, 1 Apr 2022 20:47:59 -0700 +Subject: [PATCH] Address review feedback + +Upstream-Status: Backport [https://github.com/twisted/twisted/commit/2bbd6c89110f0d44d2bb109c14d787f65bca9df8] +CVE: CVE-2022-24801 +Signed-off-by: Gyorgy Sarvari +--- + src/twisted/web/http.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/twisted/web/http.py b/src/twisted/web/http.py +index 81df437..4a2ce1d 100644 +--- a/src/twisted/web/http.py ++++ b/src/twisted/web/http.py +@@ -420,7 +420,7 @@ def _ishexdigits(b: bytes) -> bool: + for c in b: + if c not in b"0123456789abcdefABCDEF": + return False +- return bool(b) ++ return b != b"" + + + def _hexint(b: bytes) -> int: -- cgit v1.2.3-54-g00ecf