Opened 9 months ago

Closed 7 weeks ago

#31533 closed defect (not a bug)

Require Twisted 19.7.0 because it fixes CVE-2019-12855 in jabber

Reported by: teor
Owned by:
Priority: Medium
Milestone:
Component: Applications/GetTor
Version:
Severity: Normal
Keywords:
Cc: traumschule, hiro, gaba, phw, cohosh
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Does gettor use the jabber protocol?

If it does, we need to require Twisted 19.7.0 in gettor:
http://cve.circl.lu/cve/CVE-2019-12855

Change History (3)

comment:1 Changed 7 months ago by cohosh

Cc: cohosh added

cc'ing cohosh on open GetTor tickets.

comment:2 Changed 3 months ago by cohosh

Status: new → needs_information

We don't support XMPP anymore for gettor, but this is a good reminder to make sure we're up to date on our requirements.

We use the official python3-twisted Debian repository. I just checked and the current version is 17.9.0-2. Do we need to worry about this?

comment:3 Changed 7 weeks ago by teor

Resolution: not a bug
Status: needs_information → closed

This bug is about gettor's requirements.txt, not the Debian package.

It looks like you don't need to worry about this bug, but I'm just about to file another one.
