-------------------------------------------------------------------------
Debian LTS Advisory DLA-4289-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thomas Goirand
September 02, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : python-eventlet
Version : 0.26.1-7+deb11u2
CVE ID : CVE-2025-58068
Debian Bug :
CVE-2025-58068
Eventlet is a concurrent networking library for Python. Eventlet WSGI
parser is vulnerable to HTTP Request Smuggling due to improper
handling of HTTP trailer sections. This vulnerability could enable
attackers to, bypass front-end security controls, launch targeted
attacks against active site users, and poison web caches.
For Debian 11 bullseye, this problem has been fixed in version
0.26.1-7+deb11u2.
We recommend that you upgrade your python-eventlet packages.
For the detailed security status of python-eventlet please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-eventlet
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature