-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 02 Sep 2025 10:43:30 +0200 Source: python-eventlet Architecture: source Version: 0.39.1-2+deb13u1 Distribution: trixie Urgency: medium Maintainer: Debian OpenStack <[email protected]> Changed-By: Thomas Goirand <[email protected]> Closes: 1112515 Changes: python-eventlet (0.39.1-2+deb13u1) trixie; urgency=medium . * CVE-2025-58068: Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted attacks against active site users, and poison web caches. Applied upstream patch (Closes: #1112515): - Fix_request_smuggling_vulnerability_by_discarding_trailers.patch Checksums-Sha1: b9b6037b3c6671565c0ede94750024145c046bc1 2530 python-eventlet_0.39.1-2+deb13u1.dsc d520366d95c0aaf40552363dc47c0f327f8bee1e 474744 python-eventlet_0.39.1.orig.tar.xz 73cf6a3035261b9e1e58d6a4312ddb5529e41a1e 24120 python-eventlet_0.39.1-2+deb13u1.debian.tar.xz 863d29d0eae7fc46356f8d16b9310ac214daff24 9312 python-eventlet_0.39.1-2+deb13u1_amd64.buildinfo Checksums-Sha256: cc6a982b75c580856024ea0d26c5143a1a5913c6a27dfea51c54f8cd37db4160 2530 python-eventlet_0.39.1-2+deb13u1.dsc 0eb9e4b111d3c328900d53bc4fa39292850cf156a9c840c3ef198fb81d842600 474744 python-eventlet_0.39.1.orig.tar.xz a70ab2c7ba043e01b34aff93b85601c806b42d7888c96e713629269837aac371 24120 python-eventlet_0.39.1-2+deb13u1.debian.tar.xz b443b38bb3afdec07ad5525a2ec44462a975eca037c86e52e38e3b0e03ac69bb 9312 python-eventlet_0.39.1-2+deb13u1_amd64.buildinfo Files: ec622fb67b28ce750c2336a8d3aa93bb 2530 python optional python-eventlet_0.39.1-2+deb13u1.dsc 5cfa1e5c920c8fe13df63d33b35a0dcb 474744 python optional python-eventlet_0.39.1.orig.tar.xz b8ede1dd0c831683da71614b6285ffaf 24120 python optional python-eventlet_0.39.1-2+deb13u1.debian.tar.xz 480383549706e0952a3eb18b7d1b0863 9312 python optional python-eventlet_0.39.1-2+deb13u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmj2oM4ACgkQ1BatFaxr Q/6+Qg//U9RGAt7DeC79LZ+zVkriebPyys3jH+DistKBJYG3zqQ1Z1cu5jvsl3SW +jQO4jGFmTUftg47wPzqR1ogqtp5T67+rnTERJlUB0Ic5mig1J2z+zkfFL7uxuOt v87Z+chiki7k9TGKJ7EcVVI67nx6dxh9btaonz4yshqJqOs3jK1ODWnY9a9hhIAZ sneVkgBm/AOhP0MMOJp3lpzCRYqfpD79HrYoJukjnEHRbvhxrKDSXZOhscBxHjwa pN/3dzJj8cFScYlAqphxhB3uzzNR0hQRax0Usb/bJWYtrWY8T4+7n1t2x6bqCBrr s/lhtQxXGjO7mTzck9IuOTcvw+7Ctv5YwrjCIJmXxu4KkPFXeta6RkWzKhFzKTPF pdbRNTLgKeNgHFrZhYd0yYdxWIhNzmUre35oiaYlPEt5FV4Kq5BH88gNvbWrkjaC JyjnTMb0JuSOkXZQGbC/gMAEgUOZil8aRptKVJ5Q1qttnz0TeQrC0t2Sn+XFqaTi qNoTUKM9MpEVi7/YkjOfu02JJcly2iP/omA0LW4Tt8thmhss/iA2fETFZ1IGqLWb E6GbdGIM4vp81voJSv1szuVDZ6TEhVq7Jrptu1mxkvknRVwwzJVp9Rcjc2Ltjv9U SHuQ2BGaNlB81EsE48UzBuSaFw+C9y4JPHAAgIyY6CsVhxuUxSE= =oshl -----END PGP SIGNATURE-----
pgpwVpORflgWE.pgp
Description: PGP signature
