Version in base suite: 22.4.0-4 Base version: twisted_22.4.0-4 Target version: twisted_22.4.0-4+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/t/twisted/twisted_22.4.0-4.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/t/twisted/twisted_22.4.0-4+deb12u1.dsc changelog | 8 patches/CVE-2023-46137.patch | 170 ++++++++++++++++++++ patches/CVE-2024-41671.patch | 351 +++++++++++++++++++++++++++++++++++++++++++ patches/CVE-2024-41810.patch | 77 +++++++++ patches/series | 3 5 files changed, 609 insertions(+) diff -Nru twisted-22.4.0/debian/changelog twisted-22.4.0/debian/changelog --- twisted-22.4.0/debian/changelog 2023-01-30 15:12:17.000000000 +0000 +++ twisted-22.4.0/debian/changelog 2024-08-27 18:36:02.000000000 +0000 @@ -1,3 +1,11 @@ +twisted (22.4.0-4+deb12u1) bookworm-security; urgency=medium + + * CVE-2024-41671 (Closes: #1077679) + * CVE-2024-41810 (Closes: #1077680) + * CVE-2023-46137 (Closes: #1054913) + + -- Moritz Mühlenhoff Tue, 27 Aug 2024 20:36:02 +0200 + twisted (22.4.0-4) unstable; urgency=medium * Team upload. diff -Nru twisted-22.4.0/debian/patches/CVE-2023-46137.patch twisted-22.4.0/debian/patches/CVE-2023-46137.patch --- twisted-22.4.0/debian/patches/CVE-2023-46137.patch 1970-01-01 00:00:00.000000000 +0000 +++ twisted-22.4.0/debian/patches/CVE-2023-46137.patch 2024-08-27 18:35:50.000000000 +0000 @@ -0,0 +1,170 @@ +https://github.com/twisted/twisted/pull/11979 + +--- twisted-22.4.0.orig/src/twisted/web/http.py ++++ twisted-22.4.0/src/twisted/web/http.py +@@ -2472,14 +2472,38 @@ class HTTPChannel(basic.LineReceiver, po + + self._handlingRequest = True + ++ # We go into raw mode here even though we will be receiving lines next ++ # in the protocol; however, this data will be buffered and then passed ++ # back to line mode in the setLineMode call in requestDone. ++ self.setRawMode() ++ + req = self.requests[-1] + req.requestReceived(command, path, version) + +- def dataReceived(self, data): ++ def rawDataReceived(self, data: bytes) -> None: + """ +- Data was received from the network. Process it. ++ This is called when this HTTP/1.1 parser is in raw mode rather than ++ line mode. ++ ++ It may be in raw mode for one of two reasons: ++ ++ 1. All the headers of a request have been received and this ++ L{HTTPChannel} is currently receiving its body. ++ ++ 2. The full content of a request has been received and is currently ++ being processed asynchronously, and this L{HTTPChannel} is ++ buffering the data of all subsequent requests to be parsed ++ later. ++ ++ In the second state, the data will be played back later. ++ ++ @note: This isn't really a public API, and should be invoked only by ++ L{LineReceiver}'s line parsing logic. If you wish to drive an ++ L{HTTPChannel} from a custom data source, call C{dataReceived} on ++ it directly. ++ ++ @see: L{LineReceive.rawDataReceived} + """ +- # If we're currently handling a request, buffer this data. + if self._handlingRequest: + self._dataBuffer.append(data) + if ( +@@ -2491,9 +2515,7 @@ class HTTPChannel(basic.LineReceiver, po + # ready. See docstring for _optimisticEagerReadSize above. + self._networkProducer.pauseProducing() + return +- return basic.LineReceiver.dataReceived(self, data) + +- def rawDataReceived(self, data): + self.resetTimeout() + + try: +--- /dev/null ++++ twisted-22.4.0/src/twisted/web/newsfragments/11976.bugfix +@@ -0,0 +1,7 @@ ++In Twisted 16.3.0, we changed twisted.web to stop dispatching HTTP/1.1 ++pipelined requests to application code. There was a bug in this change which ++still allowed clients which could send multiple full HTTP requests in a single ++TCP segment to trigger asynchronous processing of later requests, which could ++lead to out-of-order responses. This has now been corrected and twisted.web ++should never process a pipelined request over HTTP/1.1 until the previous ++request has fully completed. +--- twisted-22.4.0.orig/src/twisted/web/test/test_web.py ++++ twisted-22.4.0/src/twisted/web/test/test_web.py +@@ -8,6 +8,7 @@ Tests for various parts of L{twisted.web + import os + import zlib + from io import BytesIO ++from typing import List + + from zope.interface import implementer + from zope.interface.verify import verifyObject +@@ -17,10 +18,13 @@ from twisted.internet.address import IPv + from twisted.internet.task import Clock + from twisted.logger import LogLevel, globalLogPublisher + from twisted.python import failure, reflect ++from twisted.python.compat import iterbytes + from twisted.python.filepath import FilePath +-from twisted.test.proto_helpers import EventLoggingObserver ++from twisted.test.proto_helpers import EventLoggingObserver, StringTransport + from twisted.trial import unittest + from twisted.web import error, http, iweb, resource, server ++from twisted.web.resource import Resource ++from twisted.web.server import NOT_DONE_YET, Request, Site + from twisted.web.static import Data + from twisted.web.test.requesthelper import DummyChannel, DummyRequest + from ._util import assertIsFilesystemTemporary +@@ -1849,3 +1853,78 @@ class ExplicitHTTPFactoryReactor(unittes + + factory = http.HTTPFactory() + self.assertIs(factory.reactor, reactor) ++ ++ ++class QueueResource(Resource): ++ """ ++ Add all requests to an internal queue, ++ without responding to the requests. ++ You can access the requests from the queue and handle their response. ++ """ ++ ++ isLeaf = True ++ ++ def __init__(self) -> None: ++ super().__init__() ++ self.dispatchedRequests: List[Request] = [] ++ ++ def render_GET(self, request: Request) -> int: ++ self.dispatchedRequests.append(request) ++ return NOT_DONE_YET ++ ++ ++class TestRFC9112Section932(unittest.TestCase): ++ """ ++ Verify that HTTP/1.1 request ordering is preserved. ++ """ ++ ++ def test_multipleRequestsInOneSegment(self) -> None: ++ """ ++ Twisted MUST NOT respond to a second HTTP/1.1 request while the first ++ is still pending. ++ """ ++ qr = QueueResource() ++ site = Site(qr) ++ proto = site.buildProtocol(None) ++ serverTransport = StringTransport() ++ proto.makeConnection(serverTransport) ++ proto.dataReceived( ++ b"GET /first HTTP/1.1\r\nHost: a\r\n\r\n" ++ b"GET /second HTTP/1.1\r\nHost: a\r\n\r\n" ++ ) ++ # The TCP data contains 2 requests, ++ # but only 1 request was dispatched, ++ # as the first request was not yet finalized. ++ self.assertEqual(len(qr.dispatchedRequests), 1) ++ # The first request is finalized and the ++ # second request is dispatched right away. ++ qr.dispatchedRequests[0].finish() ++ self.assertEqual(len(qr.dispatchedRequests), 2) ++ ++ def test_multipleRequestsInDifferentSegments(self) -> None: ++ """ ++ Twisted MUST NOT respond to a second HTTP/1.1 request while the first ++ is still pending, even if the second request is received in a separate ++ TCP package. ++ """ ++ qr = QueueResource() ++ site = Site(qr) ++ proto = site.buildProtocol(None) ++ serverTransport = StringTransport() ++ proto.makeConnection(serverTransport) ++ raw_data = ( ++ b"GET /first HTTP/1.1\r\nHost: a\r\n\r\n" ++ b"GET /second HTTP/1.1\r\nHost: a\r\n\r\n" ++ ) ++ # Just go byte by byte for the extreme case in which each byte is ++ # received in a separate TCP package. ++ for chunk in iterbytes(raw_data): ++ proto.dataReceived(chunk) ++ # The TCP data contains 2 requests, ++ # but only 1 request was dispatched, ++ # as the first request was not yet finalized. ++ self.assertEqual(len(qr.dispatchedRequests), 1) ++ # The first request is finalized and the ++ # second request is dispatched right away. ++ qr.dispatchedRequests[0].finish() ++ self.assertEqual(len(qr.dispatchedRequests), 2) diff -Nru twisted-22.4.0/debian/patches/CVE-2024-41671.patch twisted-22.4.0/debian/patches/CVE-2024-41671.patch --- twisted-22.4.0/debian/patches/CVE-2024-41671.patch 1970-01-01 00:00:00.000000000 +0000 +++ twisted-22.4.0/debian/patches/CVE-2024-41671.patch 2024-08-27 18:31:00.000000000 +0000 @@ -0,0 +1,351 @@ +Backport by Daniel Garcia of SuSE + +--- twisted-22.4.0.orig/src/twisted/web/http.py ++++ twisted-22.4.0/src/twisted/web/http.py +@@ -1921,6 +1921,9 @@ class _ChunkedTransferDecoder: + self.finishCallback = finishCallback + self._buffer = bytearray() + self._start = 0 ++ self._trailerHeaders: List[bytearray] = [] ++ self._maxTrailerHeadersSize = 2**16 ++ self._receivedTrailerHeadersSize = 0 + + def _dataReceived_CHUNK_LENGTH(self) -> bool: + """ +@@ -2007,18 +2010,44 @@ class _ChunkedTransferDecoder: + @raises _MalformedChunkedDataError: when anything other than CRLF is + received. + """ +- if len(self._buffer) < 2: ++ eolIndex = self._buffer.find(b"\r\n", self._start) ++ ++ if eolIndex == -1: ++ # Still no end of network line marker found. ++ # ++ # Check if we've run up against the trailer size limit: if the next ++ # read contains the terminating CRLF then we'll have this many bytes ++ # of trailers (including the CRLFs). ++ minTrailerSize = ( ++ self._receivedTrailerHeadersSize ++ + len(self._buffer) ++ + (1 if self._buffer.endswith(b"\r") else 2) ++ ) ++ if minTrailerSize > self._maxTrailerHeadersSize: ++ raise _MalformedChunkedDataError("Trailer headers data is too long.") ++ # Continue processing more data. + return False + +- if not self._buffer.startswith(b"\r\n"): +- raise _MalformedChunkedDataError("Chunk did not end with CRLF") ++ if eolIndex > 0: ++ # A trailer header was detected. ++ self._trailerHeaders.append(self._buffer[0:eolIndex]) ++ del self._buffer[0 : eolIndex + 2] ++ self._start = 0 ++ self._receivedTrailerHeadersSize += eolIndex + 2 ++ if self._receivedTrailerHeadersSize > self._maxTrailerHeadersSize: ++ raise _MalformedChunkedDataError("Trailer headers data is too long.") ++ return True ++ ++ # eolIndex in this part of code is equal to 0 + + data = memoryview(self._buffer)[2:].tobytes() ++ + del self._buffer[:] + self.state = "FINISHED" + self.finishCallback(data) + return False + ++ + def _dataReceived_BODY(self) -> bool: + """ + Deliver any available chunk data to the C{dataCallback}. When all the +@@ -2331,8 +2360,8 @@ class HTTPChannel(basic.LineReceiver, po + self.__header = line + + def _finishRequestBody(self, data): +- self.allContentReceived() + self._dataBuffer.append(data) ++ self.allContentReceived() + + def _maybeChooseTransferDecoder(self, header, data): + """ +--- /dev/null ++++ twisted-22.4.0/src/twisted/web/newsfragments/12248.bugfix +@@ -0,0 +1 @@ ++The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure (CVE-2024-41671/GHSA-c8m8-j448-xjx7) +--- twisted-22.4.0.orig/src/twisted/web/test/test_http.py ++++ twisted-22.4.0/src/twisted/web/test/test_http.py +@@ -136,7 +136,7 @@ class DummyHTTPHandler(http.Request): + data = self.content.read() + length = self.getHeader(b"content-length") + if length is None: +- length = networkString(str(length)) ++ length = str(length).encode() + request = b"'''\n" + length + b"\n" + data + b"'''\n" + self.setResponseCode(200) + self.setHeader(b"Request", self.uri) +@@ -567,17 +567,23 @@ class HTTP0_9Tests(HTTP1_0Tests): + + class PipeliningBodyTests(unittest.TestCase, ResponseTestMixin): + """ +- Tests that multiple pipelined requests with bodies are correctly buffered. ++ Pipelined requests get buffered and executed in the order received, ++ not processed in parallel. + """ + + requests = ( + b"POST / HTTP/1.1\r\n" + b"Content-Length: 10\r\n" + b"\r\n" +- b"0123456789POST / HTTP/1.1\r\n" +- b"Content-Length: 10\r\n" +- b"\r\n" + b"0123456789" ++ # Chunk encoded request. ++ b"POST / HTTP/1.1\r\n" ++ b"Transfer-Encoding: chunked\r\n" ++ b"\r\n" ++ b"a\r\n" ++ b"0123456789\r\n" ++ b"0\r\n" ++ b"\r\n" + ) + + expectedResponses = [ +@@ -594,14 +600,16 @@ class PipeliningBodyTests(unittest.TestC + b"Request: /", + b"Command: POST", + b"Version: HTTP/1.1", +- b"Content-Length: 21", +- b"'''\n10\n0123456789'''\n", ++ b"Content-Length: 23", ++ b"'''\nNone\n0123456789'''\n", + ), + ] + +- def test_noPipelining(self): ++ def test_stepwiseTinyTube(self): + """ +- Test that pipelined requests get buffered, not processed in parallel. ++ Imitate a slow connection that delivers one byte at a time. ++ The request handler (L{DelayedHTTPHandler}) is puppeted to ++ step through the handling of each request. + """ + b = StringTransport() + a = http.HTTPChannel() +@@ -610,10 +618,9 @@ class PipeliningBodyTests(unittest.TestC + # one byte at a time, to stress it. + for byte in iterbytes(self.requests): + a.dataReceived(byte) +- value = b.value() + + # So far only one request should have been dispatched. +- self.assertEqual(value, b"") ++ self.assertEqual(b.value(), b"") + self.assertEqual(1, len(a.requests)) + + # Now, process each request one at a time. +@@ -622,8 +629,95 @@ class PipeliningBodyTests(unittest.TestC + request = a.requests[0].original + request.delayedProcess() + +- value = b.value() +- self.assertResponseEquals(value, self.expectedResponses) ++ self.assertResponseEquals(b.value(), self.expectedResponses) ++ ++ def test_stepwiseDumpTruck(self): ++ """ ++ Imitate a fast connection where several pipelined ++ requests arrive in a single read. The request handler ++ (L{DelayedHTTPHandler}) is puppeted to step through the ++ handling of each request. ++ """ ++ b = StringTransport() ++ a = http.HTTPChannel() ++ a.requestFactory = DelayedHTTPHandlerProxy ++ a.makeConnection(b) ++ ++ a.dataReceived(self.requests) ++ ++ # So far only one request should have been dispatched. ++ self.assertEqual(b.value(), b"") ++ self.assertEqual(1, len(a.requests)) ++ ++ # Now, process each request one at a time. ++ while a.requests: ++ self.assertEqual(1, len(a.requests)) ++ request = a.requests[0].original ++ request.delayedProcess() ++ ++ self.assertResponseEquals(b.value(), self.expectedResponses) ++ ++ def test_immediateTinyTube(self): ++ """ ++ Imitate a slow connection that delivers one byte at a time. ++ ++ (L{DummyHTTPHandler}) immediately responds, but no more ++ than one ++ """ ++ b = StringTransport() ++ a = http.HTTPChannel() ++ a.requestFactory = DummyHTTPHandlerProxy # "sync" ++ a.makeConnection(b) ++ ++ # one byte at a time, to stress it. ++ for byte in iterbytes(self.requests): ++ a.dataReceived(byte) ++ # There is never more than one request dispatched at a time: ++ self.assertLessEqual(len(a.requests), 1) ++ ++ self.assertResponseEquals(b.value(), self.expectedResponses) ++ ++ def test_immediateDumpTruck(self): ++ """ ++ Imitate a fast connection where several pipelined ++ requests arrive in a single read. The request handler ++ (L{DummyHTTPHandler}) immediately responds. ++ ++ This doesn't check the at-most-one pending request ++ invariant but exercises otherwise uncovered code paths. ++ See GHSA-c8m8-j448-xjx7. ++ """ ++ b = StringTransport() ++ a = http.HTTPChannel() ++ a.requestFactory = DummyHTTPHandlerProxy ++ a.makeConnection(b) ++ ++ # All bytes at once to ensure there's stuff to buffer. ++ a.dataReceived(self.requests) ++ ++ self.assertResponseEquals(b.value(), self.expectedResponses) ++ ++ def test_immediateABiggerTruck(self): ++ """ ++ Imitate a fast connection where a so many pipelined ++ requests arrive in a single read that backpressure is indicated. ++ The request handler (L{DummyHTTPHandler}) immediately responds. ++ ++ This doesn't check the at-most-one pending request ++ invariant but exercises otherwise uncovered code paths. ++ See GHSA-c8m8-j448-xjx7. ++ ++ @see: L{http.HTTPChannel._optimisticEagerReadSize} ++ """ ++ b = StringTransport() ++ a = http.HTTPChannel() ++ a.requestFactory = DummyHTTPHandlerProxy ++ a.makeConnection(b) ++ ++ overLimitCount = a._optimisticEagerReadSize // len(self.requests) * 10 ++ a.dataReceived(self.requests * overLimitCount) ++ ++ self.assertResponseEquals(b.value(), self.expectedResponses * overLimitCount) + + def test_pipeliningReadLimit(self): + """ +@@ -1386,20 +1480,6 @@ class ChunkedTransferEncodingTests(unitt + http._MalformedChunkedDataError, p.dataReceived, b"3\r\nabc!!!!" + ) + +- def test_malformedChunkEndFinal(self): +- r""" +- L{_ChunkedTransferDecoder.dataReceived} raises +- L{_MalformedChunkedDataError} when the terminal zero-length chunk is +- followed by characters other than C{\r\n}. +- """ +- p = http._ChunkedTransferDecoder( +- lambda b: None, +- lambda b: None, # pragma: nocov +- ) +- self.assertRaises( +- http._MalformedChunkedDataError, p.dataReceived, b"3\r\nabc\r\n0\r\n!!" +- ) +- + def test_finish(self): + """ + L{_ChunkedTransferDecoder.dataReceived} interprets a zero-length +@@ -1474,6 +1554,83 @@ class ChunkedTransferEncodingTests(unitt + self.assertEqual(errors, []) + self.assertEqual(successes, [True]) + ++ def test_trailerHeaders(self): ++ """ ++ L{_ChunkedTransferDecoder.dataReceived} decodes chunked-encoded data ++ and ignores trailer headers which come after the terminating zero-length ++ chunk. ++ """ ++ L = [] ++ finished = [] ++ p = http._ChunkedTransferDecoder(L.append, finished.append) ++ p.dataReceived(b"3\r\nabc\r\n5\r\n12345\r\n") ++ p.dataReceived( ++ b"a\r\n0123456789\r\n0\r\nServer-Timing: total;dur=123.4\r\nExpires: Wed, 21 Oct 2015 07:28:00 GMT\r\n\r\n" ++ ) ++ self.assertEqual(L, [b"abc", b"12345", b"0123456789"]) ++ self.assertEqual(finished, [b""]) ++ self.assertEqual( ++ p._trailerHeaders, ++ [ ++ b"Server-Timing: total;dur=123.4", ++ b"Expires: Wed, 21 Oct 2015 07:28:00 GMT", ++ ], ++ ) ++ ++ def test_shortTrailerHeader(self): ++ """ ++ L{_ChunkedTransferDecoder.dataReceived} decodes chunks of input with ++ tailer header broken up and delivered in multiple calls. ++ """ ++ L = [] ++ finished = [] ++ p = http._ChunkedTransferDecoder(L.append, finished.append) ++ for s in iterbytes( ++ b"3\r\nabc\r\n5\r\n12345\r\n0\r\nServer-Timing: total;dur=123.4\r\n\r\n" ++ ): ++ p.dataReceived(s) ++ self.assertEqual(L, [b"a", b"b", b"c", b"1", b"2", b"3", b"4", b"5"]) ++ self.assertEqual(finished, [b""]) ++ self.assertEqual(p._trailerHeaders, [b"Server-Timing: total;dur=123.4"]) ++ ++ def test_tooLongTrailerHeader(self): ++ r""" ++ L{_ChunkedTransferDecoder.dataReceived} raises ++ L{_MalformedChunkedDataError} when the trailing headers data is too long. ++ """ ++ p = http._ChunkedTransferDecoder( ++ lambda b: None, ++ lambda b: None, # pragma: nocov ++ ) ++ p._maxTrailerHeadersSize = 10 ++ self.assertRaises( ++ http._MalformedChunkedDataError, ++ p.dataReceived, ++ b"3\r\nabc\r\n0\r\nTotal-Trailer: header;greater-then=10\r\n\r\n", ++ ) ++ ++ def test_unfinishedTrailerHeader(self): ++ r""" ++ L{_ChunkedTransferDecoder.dataReceived} raises ++ L{_MalformedChunkedDataError} when the trailing headers data is too long ++ and doesn't have final CRLF characters. ++ """ ++ p = http._ChunkedTransferDecoder( ++ lambda b: None, ++ lambda b: None, # pragma: nocov ++ ) ++ p._maxTrailerHeadersSize = 10 ++ # 9 bytes are received so far, in 2 packets. ++ # For now, all is ok. ++ p.dataReceived(b"3\r\nabc\r\n0\r\n01234567") ++ p.dataReceived(b"\r") ++ # Once the 10th byte is received, the processing fails. ++ self.assertRaises( ++ http._MalformedChunkedDataError, ++ p.dataReceived, ++ b"A", ++ ) ++ + + class ChunkingTests(unittest.TestCase, ResponseTestMixin): + diff -Nru twisted-22.4.0/debian/patches/CVE-2024-41810.patch twisted-22.4.0/debian/patches/CVE-2024-41810.patch --- twisted-22.4.0/debian/patches/CVE-2024-41810.patch 1970-01-01 00:00:00.000000000 +0000 +++ twisted-22.4.0/debian/patches/CVE-2024-41810.patch 2024-08-27 18:33:51.000000000 +0000 @@ -0,0 +1,77 @@ +Backport by Daniel Garcia of SuSE + +--- twisted-22.4.0.orig/src/twisted/web/_template_util.py ++++ twisted-22.4.0/src/twisted/web/_template_util.py +@@ -92,7 +92,7 @@ def redirectTo(URL: bytes, request: IReq + + + """ % { +- b"url": URL ++ b"url": escape(URL.decode("utf-8")).encode("utf-8") + } + return content + +--- /dev/null ++++ twisted-22.4.0/src/twisted/web/newsfragments/12263.bugfix +@@ -0,0 +1 @@ ++twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2). The issue is being tracked with CVE-2024-41810. +\ No newline at end of file +--- /dev/null ++++ twisted-22.4.0/src/twisted/web/newsfragments/9839.bugfix +@@ -0,0 +1 @@ ++twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810). +--- twisted-22.4.0.orig/src/twisted/web/test/test_util.py ++++ twisted-22.4.0/src/twisted/web/test/test_util.py +@@ -5,7 +5,6 @@ + Tests for L{twisted.web.util}. + """ + +- + import gc + + from twisted.internet import defer +@@ -64,6 +63,44 @@ class RedirectToTests(TestCase): + targetURL = "http://target.example.com/4321" + self.assertRaises(TypeError, redirectTo, targetURL, request) + ++ def test_legitimateRedirect(self): ++ """ ++ Legitimate URLs are fully interpolated in the `redirectTo` response body without transformation ++ """ ++ request = DummyRequest([b""]) ++ html = redirectTo(b"https://twisted.org/", request) ++ expected = b""" ++ ++ ++ ++ ++ ++ click here ++ ++ ++""" ++ self.assertEqual(html, expected) ++ ++ def test_maliciousRedirect(self): ++ """ ++ Malicious URLs are HTML-escaped before interpolating them in the `redirectTo` response body ++ """ ++ request = DummyRequest([b""]) ++ html = redirectTo( ++ b'https://twisted.org/">', request ++ ) ++ expected = b""" ++ ++ ++ ++ ++ ++ click here ++ ++ ++""" ++ self.assertEqual(html, expected) ++ + + class ParentRedirectTests(SynchronousTestCase): + """ diff -Nru twisted-22.4.0/debian/patches/series twisted-22.4.0/debian/patches/series --- twisted-22.4.0/debian/patches/series 2023-01-30 15:10:52.000000000 +0000 +++ twisted-22.4.0/debian/patches/series 2024-08-27 18:35:35.000000000 +0000 @@ -30,3 +30,6 @@ Call-the-superclass-constructor-via-private-alias.patch twisted.web.pages.-ErrorPage-errorPage.patch Add-CVE-to-newsfragment.patch +CVE-2024-41671.patch +CVE-2024-41810.patch +CVE-2023-46137.patch