home  bbs  files  messages ]

      ZZLI4418             linux.debian.changes             452 messages      

[ previous | next | reply ]

[ list messages | list forums ]

  Msg # 399 of 452 on ZZLI4418, Wednesday 10-21-25, 10:13  
  From: DEBIAN FTP MASTERS  
  To: ALL  
  Subj: Accepted python-eventlet 0.39.1-2+deb13u  
 From: ftpmaster@ftp-master.debian.org 
  
 -----BEGIN PGP SIGNED MESSAGE----- 
 Hash: SHA512 
  
 Format: 1.8 
 Date: Tue, 02 Sep 2025 10:43:30 +0200 
 Source: python-eventlet 
 Architecture: source 
 Version: 0.39.1-2+deb13u1 
 Distribution: trixie 
 Urgency: medium 
 Maintainer: Debian OpenStack  
 Changed-By: Thomas Goirand  
 Closes: 1112515 
 Changes: 
  python-eventlet (0.39.1-2+deb13u1) trixie; urgency=medium 
  . 
    * CVE-2025-58068: Eventlet is a concurrent networking library for Python. 
      Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP 
      Request Smuggling due to improper handling of HTTP trailer sections. 
 This 
      vulnerability could enable attackers to, bypass front-end security 
      controls, launch targeted attacks against active site users, and poison 
 web 
      caches. Applied upstream patch (Closes: #1112515): 
      - Fix_request_smuggling_vulnerability_by_discarding_trailers.patch 
 Checksums-Sha1: 
  b9b6037b3c6671565c0ede94750024145c046bc1 2530 python-eventlet_0 
 39.1-2+deb13u1.dsc 
  d520366d95c0aaf40552363dc47c0f327f8bee1e 474744 python-eventlet 
 0.39.1.orig.tar.xz 
  73cf6a3035261b9e1e58d6a4312ddb5529e41a1e 24120 python-eventlet_ 
 .39.1-2+deb13u1.debian.tar.xz 
  863d29d0eae7fc46356f8d16b9310ac214daff24 9312 python-eventlet_0 
 39.1-2+deb13u1_amd64.buildinfo 
 Checksums-Sha256: 
  cc6a982b75c580856024ea0d26c5143a1a5913c6a27dfea51c54f8cd37db4160 2530 
 python-eventlet_0.39.1-2+deb13u1.dsc 
  0eb9e4b111d3c328900d53bc4fa39292850cf156a9c840c3ef198fb81d842600 474744 
 python-eventlet_0.39.1.orig.tar.xz 
  a70ab2c7ba043e01b34aff93b85601c806b42d7888c96e713629269837aac371 24120 
 python-eventlet_0.39.1-2+deb13u1.debian.tar.xz 
  b443b38bb3afdec07ad5525a2ec44462a975eca037c86e52e38e3b0e03ac69bb 9312 
 python-eventlet_0.39.1-2+deb13u1_amd64.buildinfo 
 Files: 
  ec622fb67b28ce750c2336a8d3aa93bb 2530 python optional python-ev 
 ntlet_0.39.1-2+deb13u1.dsc 
  5cfa1e5c920c8fe13df63d33b35a0dcb 474744 python optional python- 
 ventlet_0.39.1.orig.tar.xz 
  b8ede1dd0c831683da71614b6285ffaf 24120 python optional python-e 
 entlet_0.39.1-2+deb13u1.debian.tar.xz 
  480383549706e0952a3eb18b7d1b0863 9312 python optional python-ev 
 ntlet_0.39.1-2+deb13u1_amd64.buildinfo 
  
 -----BEGIN PGP SIGNATURE----- 
  
 iQIzBAEBCgAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmj2oM4ACgkQ1BatFaxr 
 Q/6+Qg//U9RGAt7DeC79LZ+zVkriebPyys3jH+DistKBJYG3zqQ1Z1cu5jvsl3SW 
 +jQO4jGFmTUftg47wPzqR1ogqtp5T67+rnTERJlUB0Ic5mig1J2z+zkfFL7uxuOt 
 v87Z+chiki7k9TGKJ7EcVVI67nx6dxh9btaonz4yshqJqOs3jK1ODWnY9a9hhIAZ 
 sneVkgBm/AOhP0MMOJp3lpzCRYqfpD79HrYoJukjnEHRbvhxrKDSXZOhscBxHjwa 
 pN/3dzJj8cFScYlAqphxhB3uzzNR0hQRax0Usb/bJWYtrWY8T4+7n1t2x6bqCBrr 
 s/lhtQxXGjO7mTzck9IuOTcvw+7Ctv5YwrjCIJmXxu4KkPFXeta6RkWzKhFzKTPF 
 pdbRNTLgKeNgHFrZhYd0yYdxWIhNzmUre35oiaYlPEt5FV4Kq5BH88gNvbWrkjaC 
 JyjnTMb0JuSOkXZQGbC/gMAEgUOZil8aRptKVJ5Q1qttnz0TeQrC0t2Sn+XFqaTi 
 qNoTUKM9MpEVi7/YkjOfu02JJcly2iP/omA0LW4Tt8thmhss/iA2fETFZ1IGqLWb 
 E6GbdGIM4vp81voJSv1szuVDZ6TEhVq7Jrptu1mxkvknRVwwzJVp9Rcjc2Ltjv9U 
 SHuQ2BGaNlB81EsE48UzBuSaFw+C9y4JPHAAgIyY6CsVhxuUxSE= 
 =oshl 
 -----END PGP SIGNATURE----- 
  
  
 --============== 42538544561528043=Content-Type: application/pgp-signature 
  
 -----BEGIN PGP SIGNATURE----- 
  
 iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaPgUdQAKCRCb9qggYcy5 
 ISl9AQCzPywZB8y63+X5WlnE7CgzdCSM82KbIPThiSTitEwvTwD/R5hdgO5W4Ldy 
 lDvKMfIiq58vkO9L4bdvW23wUBhkJwY=brKk 
 -----END PGP SIGNATURE----- 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2) 

[ list messages | list forums | previous | next | reply ]

search for:

328,136 visits
(c) 1994,  bbs@darkrealms.ca