Source: python-eventlet
Version: 0.26.1-6
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 0.20.0-6

Hi,

The following vulnerability was published for python-eventlet.

CVE-2021-21419[0]:
| Eventlet is a concurrent networking library for Python. A websocket
| peer may exhaust memory on Eventlet side by sending very large
| websocket frames. Malicious peer may exhaust memory on Eventlet side
| by sending highly compressed data frame. A patch in version 0.31.0
| restricts websocket frame to reasonable limits. As a workaround,
| restricting memory usage via OS limits would help against overall
| machine exhaustion, but there is no workaround to protect Eventlet
| process.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-21419
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21419
[1] https://github.com/eventlet/eventlet/security/advisories/GHSA-9p9m-jm8w-94p2
[2] https://github.com/eventlet/eventlet/commit/1412f5e4125b4313f815778a1acb4d3336efcd07

Regards,
Salvatore
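
The two limits the CVE description implies, as an added example that is not part of the original report and is not eventlet's patch: a check on the declared frame length, and a cap on inflated output, since a compressed frame can be small on the wire and still expand past any header-based limit. It assumes the compression in question is permessage-deflate (RFC 7692); `MAX_FRAME_LENGTH`, `FrameTooLarge` and the function names are hypothetical.

```python
import zlib

MAX_FRAME_LENGTH = 8 * 1024 * 1024  # assumed limit for this example only
TAIL = b"\x00\x00\xff\xff"          # RFC 7692: stripped by sender, restored by receiver


class FrameTooLarge(Exception):
    """Raised when a frame exceeds the configured limit."""


def check_declared_length(declared_len, limit=MAX_FRAME_LENGTH):
    """Reject on the header's length field, before buffering any payload."""
    if declared_len > limit:
        raise FrameTooLarge(f"declared {declared_len} bytes, limit {limit}")
    return declared_len


def inflate_bounded(payload, limit=MAX_FRAME_LENGTH):
    """Inflate a raw-deflate payload, allocating at most limit + 1 output bytes."""
    d = zlib.decompressobj(-zlib.MAX_WBITS)
    # max_length caps the output; one extra byte is enough to prove an overrun.
    out = d.decompress(payload + TAIL, limit + 1)
    if len(out) > limit:
        raise FrameTooLarge(f"inflated size exceeds limit {limit}")
    return out


def deflate_message(data):
    """Build a constructed sample payload the way a permessage-deflate sender would."""
    c = zlib.compressobj(zlib.Z_DEFAULT_COMPRESSION, zlib.DEFLATED, -zlib.MAX_WBITS)
    out = c.compress(data) + c.flush(zlib.Z_SYNC_FLUSH)
    return out[:-len(TAIL)]


if __name__ == "__main__":
    small = deflate_message(b"hello websocket")
    print(inflate_bounded(small))
    # Constructed sample: 16 MiB of zeros is a tiny fraction of that on the wire,
    # so it passes the header check and only the inflate cap stops it.
    big = deflate_message(bytes(16 * 1024 * 1024))
    print("wire bytes:", check_declared_length(len(big), limit=1024 * 1024))
    try:
        inflate_bounded(big, limit=1024 * 1024)
    except FrameTooLarge as exc:
        print("rejected:", exc)
```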
