Bug 711760 (CVE-2019-12855) - <dev-python/twisted-19.10.0: words.protocols.jabber.xmlstream does not verify TLS certs (CVE-2019-12855)
Status: RESOLVED FIXED
Alias: CVE-2019-12855
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/twisted/twisted/pu...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: 661320 705488
Blocks:
Reported: 2020-03-07 02:19 UTC by Sam James
Modified: 2020-06-18 02:48 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sam James archtester gentoo-dev Security 2020-03-07 02:19:27 UTC
Description:
"In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections."

Affects:
<dev-python/twisted-19.10.0
Comment 1 NATTkA bot gentoo-dev 2020-04-12 19:21:50 UTC
Resetting sanity check; package list is empty or all packages are done.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev Security 2020-06-04 02:42:51 UTC
Maintainer(s), please drop the vulnerable version(s).
Comment 3 Larry the Git Cow gentoo-dev 2020-06-04 06:23:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7603a6f3a0af50e49d9b8257195a859b55328cf5

commit 7603a6f3a0af50e49d9b8257195a859b55328cf5
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2020-06-04 05:47:43 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2020-06-04 06:23:48 +0000

    dev-python/twisted: Remove old
    
    Bug: https://bugs.gentoo.org/711760
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 dev-python/twisted/Manifest                        |   2 -
 dev-python/twisted/files/test_main.patch           |  73 ------
 dev-python/twisted/files/trial                     |  22 --
 ...t_TWISTED_DISABLE_WRITING_OF_PLUGIN_CACHE.patch |  11 -
 .../twisted/files/twisted-16.6.0-test-fixes.patch  | 282 ---------------------
 .../twisted-17.9.0-Fix-test-on-Python-363.patch    |  74 ------
 .../files/twisted-17.9.0-python-27-utf-8-fix.patch |  47 ----
 ...ed-18.4.0-Disable-writing-of-plugin-cache.patch |  25 --
 dev-python/twisted/files/utf8_overrides.patch      |  64 -----
 dev-python/twisted/twisted-16.6.0-r3.ebuild        | 185 --------------
 dev-python/twisted/twisted-18.4.0.ebuild           | 195 --------------
 11 files changed, 980 deletions(-)