Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 711760 (CVE-2019-12855)

Summary: <dev-python/twisted-19.10.0: words.protocols.jabber.xmlstream does not verify TLS certs (CVE-2019-12855)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: mgorny, python
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/twisted/twisted/pull/1147
See Also: https://bugs.gentoo.org/show_bug.cgi?id=712240
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 661320, 705488    
Bug Blocks:    

Description Sam James archtester gentoo-dev Security 2020-03-07 02:19:27 UTC
Description:
"In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections."

Affects:
<dev-python/twisted-19.10.0
Comment 1 NATTkA bot gentoo-dev 2020-04-12 19:21:50 UTC
Resetting sanity check; package list is empty or all packages are done.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev Security 2020-06-04 02:42:51 UTC
Maintainer(s), please drop the vulnerable version(s).
Comment 3 Larry the Git Cow gentoo-dev 2020-06-04 06:23:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7603a6f3a0af50e49d9b8257195a859b55328cf5

commit 7603a6f3a0af50e49d9b8257195a859b55328cf5
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2020-06-04 05:47:43 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2020-06-04 06:23:48 +0000

    dev-python/twisted: Remove old
    
    Bug: https://bugs.gentoo.org/711760
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 dev-python/twisted/Manifest                        |   2 -
 dev-python/twisted/files/test_main.patch           |  73 ------
 dev-python/twisted/files/trial                     |  22 --
 ...t_TWISTED_DISABLE_WRITING_OF_PLUGIN_CACHE.patch |  11 -
 .../twisted/files/twisted-16.6.0-test-fixes.patch  | 282 ---------------------
 .../twisted-17.9.0-Fix-test-on-Python-363.patch    |  74 ------
 .../files/twisted-17.9.0-python-27-utf-8-fix.patch |  47 ----
 ...ed-18.4.0-Disable-writing-of-plugin-cache.patch |  25 --
 dev-python/twisted/files/utf8_overrides.patch      |  64 -----
 dev-python/twisted/twisted-16.6.0-r3.ebuild        | 185 --------------
 dev-python/twisted/twisted-18.4.0.ebuild           | 195 --------------
 11 files changed, 980 deletions(-)