Bug 937641 (CVE-2024-41671) - <dev-python/twisted-24.7.0_rc1: twisted.web has disordered HTTP pipeline response
Status: CONFIRMED
Alias: CVE-2024-41671
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/advisories/GHSA-c8...
Whiteboard: B4 [glsa?]
Keywords:
Depends on: 937741
Blocks:
Reported: 2024-08-10 04:38 UTC by Michał Górny
Modified: 2024-10-31 11:49 UTC

See Also:
Package list:
Runtime testing required: ---


Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-08-10 04:38:25 UTC
Summary

The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure.
Comment 1 Larry the Git Cow gentoo-dev 2024-08-10 17:20:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e9c05396e09c93814ffb8a0f435468e83037e60

commit 4e9c05396e09c93814ffb8a0f435468e83037e60
Author:     Petr Vaněk <arkamar@gentoo.org>
AuthorDate: 2024-08-10 17:09:08 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2024-08-10 17:18:27 +0000

    dev-python/twisted: add 24.7.0
    
    Bug: https://bugs.gentoo.org/937641
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 dev-python/twisted/Manifest              |   1 +
 dev-python/twisted/twisted-24.7.0.ebuild | 161 +++++++++++++++++++++++++++++++
 2 files changed, 162 insertions(+)
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-10-31 05:23:04 UTC
cleanup done