Format: 1.8
Date: Sun, 31 Aug 2025 23:54:47 +0200
Source: python-eventlet
Architecture: source
Version: 0.40.1-3
Distribution: unstable
Urgency: high
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1112515
Changes:
 python-eventlet (0.40.1-3) unstable; urgency=high
 .
   * CVE-2025-58068: Eventlet is a concurrent networking library for Python.
     Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP
     Request Smuggling due to improper handling of HTTP trailer sections. This
     vulnerability could enable attackers to bypass front-end security
     controls, launch targeted attacks against active site users, and poison
     web caches. Applied upstream patch (Closes: #1112515):
     - Fix_request_smuggling_vulnerability_by_discarding_trailers.patch