Hi Stefano, congratulations on the first DLA! Good job!

Just a small piece of advice. It would be good to add one line to the DLA with a short description of the package. Something like this: "Several issues were discovered in Twisted, an event-based framework for internet applications...". You will find many more examples on the debian-lts-announce mailing list [1]. It can help people to understand what the package is for and whether they need to make an update.

[1] https://lists.debian.org/debian-lts-announce/

Best regards

Anton

On Tue, 3 May 2022 at 14:22, Stefano Rivera <stefa...@debian.org> wrote:
>
> -------------------------------------------------------------------------
> Debian LTS Advisory DLA-2991-1                debian-lts@lists.debian.org
> https://www.debian.org/lts/security/                      Stefano Rivera
> May 03, 2022                                  https://wiki.debian.org/LTS
> -------------------------------------------------------------------------
>
> Package        : twisted
> Version        : 16.6.0-2+deb9u3
> CVE ID         : CVE-2022-24801
> Debian Bug     : 1009030
>
> The Twisted Web HTTP 1.1 server, located in the twisted.web.http module,
> parsed several HTTP request constructs more leniently than permitted by
> RFC 7230. This non-conformant parsing can lead to desync if requests pass
> through multiple HTTP parsers, potentially resulting in HTTP request
> smuggling.
>
> For Debian 9 stretch, this problem has been fixed in version
> 16.6.0-2+deb9u3.
>
> We recommend that you upgrade your twisted packages.
>
> For the detailed security status of twisted please refer to
> its security tracker page at:
> https://security-tracker.debian.org/tracker/twisted
>
> Further information about Debian LTS security advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://wiki.debian.org/LTS
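
The parser disagreement the quoted advisory describes, as an added example that is not part of this thread and is not Twisted's code: a deliberately lenient `Content-Length` parser next to one that enforces the RFC 7230 grammar, with the header lines on which the two disagree. The advisory does not list the affected constructs; the function names and sample header lines below are constructed for illustration.

```python
import re

# RFC 7230 grammar: field-name is a token, Content-Length is 1*DIGIT.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
DIGITS = re.compile(r"[0-9]+")

def lenient_content_length(raw_header: bytes):
    """Hypothetical lenient parser: tolerant split, strip(), then int()."""
    name, _, value = raw_header.decode("latin-1").partition(":")
    if name.strip().lower() != "content-length":
        return None
    try:
        return int(value.strip())  # int() also accepts "+10" and "1_0"
    except ValueError:
        return None

def strict_content_length(raw_header: bytes):
    """Strict parser: ValueError on anything outside the RFC 7230 grammar."""
    name, sep, value = raw_header.decode("latin-1").partition(":")
    if not sep or not TOKEN.fullmatch(name):
        raise ValueError(f"invalid field-name: {name!r}")
    if name.lower() != "content-length":
        return None
    value = value.strip(" \t")  # optional whitespace is SP / HTAB only
    if not DIGITS.fullmatch(value):
        raise ValueError(f"invalid Content-Length: {value!r}")
    return int(value)

def disagreements(samples):
    """Samples the lenient parser accepts but the strict parser rejects."""
    out = []
    for raw in samples:
        lenient = lenient_content_length(raw)
        try:
            strict_content_length(raw)
        except ValueError as exc:
            if lenient is not None:
                out.append((raw, lenient, str(exc)))
    return out

# Constructed sample header lines (not taken from the advisory).
SAMPLES = [b"Content-Length: 10", b"Content-Length: +10",
           b"Content-Length : 10", b"Content-Length: 1_0"]

if __name__ == "__main__":
    for raw, lenient, why in disagreements(SAMPLES):
        print(f"{raw!r}: lenient={lenient}, strict rejects ({why})")
```

Every line reported here is one where two parsers in a request path would frame the same message differently, which is why the strict parser rejects it instead of guessing.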