Debian-LTS has issued an advisory on March 17:
https://www.debian.org/lts/security/2020/dla-2145

The issues are fixed upstream in 20.3.0rc1:
https://know.bishopfox.com/advisories/twisted-version-19.10.0

Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Status comment: (none) => Fixed upstream in 20.3.0rc1
Ubuntu has issued an advisory for this on March 19: https://usn.ubuntu.com/4308-1/
Fedora has issued an advisory for this on March 25: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/
Status comment: Fixed upstream in 20.3.0rc1 => Patches available from Fedora
RedHat has issued an advisory for this today (April 23): https://access.redhat.com/errata/RHSA-2020:1561
Cauldron has 20.3.0: not affected
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
CC: (none) => makowski.mageia
Security fix for CVE-2020-10108 and CVE-2020-10109 in 7/core/updates_testing:

python2-twisted-19.2.1-1.2.mga7.x86_64.rpm
python3-twisted-19.2.1-1.2.mga7.x86_64.rpm
python-twisted-debugsource-19.2.1-1.2.mga7.x86_64.rpm
python-twisted-debuginfo-19.2.1-1.2.mga7.x86_64.rpm
python2-twisted-debuginfo-19.2.1-1.2.mga7.x86_64.rpm
python3-twisted-debuginfo-19.2.1-1.2.mga7.x86_64.rpm

python2-twisted-19.2.1-1.2.mga7.i586.rpm
python3-twisted-19.2.1-1.2.mga7.i586.rpm
python-twisted-debugsource-19.2.1-1.2.mga7.i586.rpm
python-twisted-debuginfo-19.2.1-1.2.mga7.i586.rpm
python2-twisted-debuginfo-19.2.1-1.2.mga7.i586.rpm
python3-twisted-debuginfo-19.2.1-1.2.mga7.i586.rpm

From python-twisted-19.2.1-1.2.mga7.src.rpm
Assignee: jani.valimaa => qa-bugs
Advisory:
========================

Updated python-twisted packages fix security vulnerabilities:

Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content-length headers. A remote attacker could possibly use this issue to perform HTTP request splitting attacks (CVE-2020-10108, CVE-2020-10109).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109
https://ubuntu.com/security/notices/USN-4308-1
Source RPM: python-twisted-19.10.0-2.mga8.src.rpm => python-twisted-19.2.1-1.1.mga7.src.rpm
MGA7-64 MATE on Peaq C1011
No installation issues.
Repeated tests and traces from previous bug 25752: kajong, tofu and taskcoach, with same results.
Good to go.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory pushed to SVN.
CC: (none) => ouaurelien
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0428.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED