Format: 1.8
Date: Mon, 01 Sep 2025 10:21:48 +0200
Source: python-eventlet
Architecture: source
Version: 0.26.1-7+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1112515
Changes:
 python-eventlet (0.26.1-7+deb11u2) bullseye-security; urgency=medium
 .
   * CVE-2025-58068: Eventlet is a concurrent networking library for Python.
     Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP
     Request Smuggling due to improper handling of HTTP trailer sections. This
     vulnerability could enable attackers to bypass front-end security
     controls, launch targeted attacks against active site users, and poison
     web caches. Applied upstream patch (Closes: #1112515):
     - Fix_request_smuggling_vulnerability_by_discarding_trailers.patch
   * Add openstack-pkg-tools as build-depends and include pkgos.make in
     d/rules.