Accepted python-eventlet 0.26.1-7+deb11u2 (source) into oldoldstable-security

Tue, 02 Sep 2025 20:44:42 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 01 Sep 2025 10:21:48 +0200
Source: python-eventlet
Architecture: source
Version: 0.26.1-7+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 1112515
Changes:
 python-eventlet (0.26.1-7+deb11u2) bullseye-security; urgency=medium
 .
   * CVE-2025-58068: Eventlet is a concurrent networking library for Python.
     Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP
     Request Smuggling due to improper handling of HTTP trailer sections. This
     vulnerability could enable attackers to, bypass front-end security
     controls, launch targeted attacks against active site users, and poison web
     caches. Applied upstream patch (Closes: #1112515):
     - Fix_request_smuggling_vulnerability_by_discarding_trailers.patch
   * Add openstack-pkg-tools as build-depends and include pkgos.make in d/rules.
Checksums-Sha1:
 06540de32f30ea219beac4d9b7a3eb7cd6d1c528 2559 
python-eventlet_0.26.1-7+deb11u2.dsc
 7d8b0ca19f0e94a8efbb84e1d07735777aa9df5c 398200 
python-eventlet_0.26.1.orig.tar.gz
 0291ccd6d2aac9a1ede8b96eba5b34a7700411bd 26632 
python-eventlet_0.26.1-7+deb11u2.debian.tar.xz
 068a0f8adbde813c895618dc23addd033f1b3054 8985 
python-eventlet_0.26.1-7+deb11u2_amd64.buildinfo
Checksums-Sha256:
 9f38077f98eac9d590e0136748da17b2aca548a44353ae0e1d1bff7af91066fe 2559 
python-eventlet_0.26.1-7+deb11u2.dsc
 4f4a43366b4cbd4a3f2f231816e5c3dae8ab316df9b7da11f0525e2800559f33 398200 
python-eventlet_0.26.1.orig.tar.gz
 a2c961f9af7231c635e4a0a6972467b23896587bbcbf0def3cf25e5a75c5eaaa 26632 
python-eventlet_0.26.1-7+deb11u2.debian.tar.xz
 9791b4b5b2312e3278322cceea693fa15931bcc73c40a01b7991fe0864651f5d 8985 
python-eventlet_0.26.1-7+deb11u2_amd64.buildinfo
Files:
 193da91004f9306f7061e5abf63fa6d7 2559 python optional 
python-eventlet_0.26.1-7+deb11u2.dsc
 9abd39b758f3908a85026c9066836056 398200 python optional 
python-eventlet_0.26.1.orig.tar.gz
 94e40adbc564f00050dc6374435f4ff7 26632 python optional 
python-eventlet_0.26.1-7+deb11u2.debian.tar.xz
 52af2a51fd6bcd37c11a4d48645d14c7 8985 python optional 
python-eventlet_0.26.1-7+deb11u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmi234IACgkQ1BatFaxr
Q/5KmhAAouJQfEv9QEYtxTZDQg1mIZWAZhAxfBsCKPFPwqs48JwzDy5IT8nux/Eb
I6PJDpcBY7uKJwmJLrZ149dXABmtSvBaaXpKZUcOIBkPjNOE/QlVSZNNcyxfpBs7
DDuJ85j+smIS6VVO6qZ5wUTlCaADp5+vRwz8AZzGmSqlhpQfNGhFUAVfqlevVTdV
vsYUuqxnq2rvBtrHvShf68DmcySW85nDseZRZVXfzk3QIJDjsU1vorcQaX2wj0d1
say9cqVsSwFIKQ9ZM2SfQA6H+AlAZcLlYiJ4YmH58RRwEtd8me28m8fmTGXzaRmW
6f0ZZb8/50mi5sqiH/5DwNGTGns+sASdgPN1Bndj1NhxdPwKVnsfbBK/NRPg96yj
396HJWt7X1fd4+/KHlAcdGUzoT/AySsXnzSfkgOcch3GLhiVfpcb5l2ofYO1lV5Q
8rkAyabtC1yF5x9Of/TCw1Cb5KJGZFZGM2Bw6SHvdvI12TXwc/ejOTnhIeCwqoAD
9LaM6gBPZ0KkPnHnOCeyOE746oOSokq20Xgj2aNPwrub+bX2x/MIOmD9drKFnikq
1kbkkiHEKAUYP16JPZRIa2CtSceQxVnFBxXqTRS+rYb27Slq4ctcpR0hDCBAWvHE
zJmGq74HGet0oUV0/ih3Shgpy6/vnq8x2CZjGSlGNgZ1UA6Epxg=
=F60O
-----END PGP SIGNATURE-----

Attachment: pgpoVl7tL6QJK.pgp
Description: PGP signature

Reply via email to