Format: 1.8
Date: Tue, 02 Sep 2025 10:43:30 +0200
Source: python-eventlet
Architecture: source
Version: 0.39.1-2+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian OpenStack
Changed-By: Thomas Goirand
Closes: 1112515
Changes:
 python-eventlet (0.39.1-2+deb13u1) trixie; urgency=medium
 .
   * CVE-2025-58068: Eventlet is a concurrent networking library for Python.
     Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP
     Request Smuggling due to improper handling of HTTP trailer sections. This
     vulnerability could enable attackers to bypass front-end security
     controls, launch targeted attacks against active site users, and poison
     web caches. Applied upstream patch (Closes: #1112515):
     - Fix_request_smuggling_vulnerability_by_discarding_trailers.patch