diff options
| author | Soumya Sambu <soumya.sambu@windriver.com> | 2025-04-23 04:59:35 +0000 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2025-05-25 14:48:44 -0400 |
| commit | 5c4b61d38a86de2c26f4ce5e57aaa169643ac211 (patch) | |
| tree | 3ce31e28cf34dcf1ddf5dddd3ec9869acd05843d /meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0001.patch | |
| parent | 85275437cd64196d1bef8e16656df04201296fbf (diff) | |
| download | meta-openembedded-5c4b61d38a86de2c26f4ce5e57aaa169643ac211.tar.gz | |
python3-twisted: Fix CVE-2024-41671
Twisted is an event-based framework for internet applications, supporting Python 3.6+.
The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP
requests out-of-order, possibly resulting in information disclosure. This vulnerability
is fixed in 24.7.0rc1.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-41671
https://ubuntu.com/security/CVE-2024-41671
Upstream patches:
https://github.com/twisted/twisted/commit/f1cb4e616e9f23b4dd044a6db44365060950c64f
https://github.com/twisted/twisted/commit/ef2c755e9e9d57d58132af790bd2fd2b957b3fb1
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0001.patch')
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0001.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0001.patch b/meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0001.patch new file mode 100644 index 0000000000..a5bffbd5a5 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0001.patch | |||
| @@ -0,0 +1,33 @@ | |||
| 1 | From f1cb4e616e9f23b4dd044a6db44365060950c64f Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Tom Most <twm@freecog.net> | ||
| 3 | Date: Mon, 22 Jul 2024 22:21:10 -0700 | ||
| 4 | Subject: [PATCH] Use chunking in the pipelining tests | ||
| 5 | |||
| 6 | CVE: CVE-2024-41671 | ||
| 7 | |||
| 8 | Upstream-Status: Backport [https://github.com/twisted/twisted/commit/f1cb4e616e9f23b4dd044a6db44365060950c64f] | ||
| 9 | |||
| 10 | Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> | ||
| 11 | --- | ||
| 12 | src/twisted/web/test/test_http.py | 4 +++- | ||
| 13 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
| 14 | |||
| 15 | diff --git a/src/twisted/web/test/test_http.py b/src/twisted/web/test/test_http.py | ||
| 16 | index 7ffea4e..5d88ff1 100644 | ||
| 17 | --- a/src/twisted/web/test/test_http.py | ||
| 18 | +++ b/src/twisted/web/test/test_http.py | ||
| 19 | @@ -575,9 +575,11 @@ class PipeliningBodyTests(unittest.TestCase, ResponseTestMixin): | ||
| 20 | b"Content-Length: 10\r\n" | ||
| 21 | b"\r\n" | ||
| 22 | b"0123456789POST / HTTP/1.1\r\n" | ||
| 23 | - b"Content-Length: 10\r\n" | ||
| 24 | + b"Transfer-Encoding: chunked\r\n" | ||
| 25 | b"\r\n" | ||
| 26 | + b"a\r\n" | ||
| 27 | b"0123456789" | ||
| 28 | + b"0\r\n" | ||
| 29 | ) | ||
| 30 | |||
| 31 | expectedResponses = [ | ||
| 32 | -- | ||
| 33 | 2.40.0 | ||