Package | python-eventlet |
---|---|
Version | 0.19.0-6+deb9u1 (stretch), 0.20.0-6+deb10u1 (buster) |
Related CVEs | CVE-2025-58068 CVE-2023-40217 |
A potential HTTP Request Smuggling issue was discovered in python-eventlet, a
concurrent networking library for Python.
This issue was caused by the improper handling of HTTP trailer sections. This
vulnerability could have permitted attackers to bypass front-end security
controls, launch targeted attacks against active site users and/or poison web
caches. This problem has been addressed by dropping trailers, a potentially
breaking change if a backend behind the eventlet.wsgi proxy requires such
trailers.
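
To illustrate what "dropping trailers" means at the framing level, the sketch below decodes a chunked body, reads the trailer section up to its terminating empty line, and discards it so the next message starts at the right offset. It is an added example, not eventlet's code or the Debian patch; `decode_chunked`, `FramingError`, the trailer limit and the sample bytes are constructed for this illustration.

```python
CRLF = b"\r\n"
MAX_TRAILER_LINES = 32  # assumed limit, chosen for this example
HEXDIGITS = b"0123456789abcdefABCDEF"

class FramingError(ValueError):
    """Raised when the chunked framing is malformed or incomplete."""

def _read_line(buf, pos):
    end = buf.find(CRLF, pos)
    if end < 0:
        raise FramingError("incomplete line")
    return buf[pos:end], end + 2

def decode_chunked(buf):
    """Return (body, consumed) for a chunked message body at the start of buf.

    Trailer fields are read up to the terminating empty line and discarded,
    so `consumed` points at the first byte of the next message.
    """
    pos, body = 0, bytearray()
    while True:
        line, pos = _read_line(buf, pos)
        size_field = line.split(b";", 1)[0]  # ignore chunk extensions
        if not size_field or any(c not in HEXDIGITS for c in size_field):
            raise FramingError("bad chunk size")
        size = int(size_field, 16)
        if size == 0:
            break
        if buf[pos + size:pos + size + 2] != CRLF:
            raise FramingError("chunk data not followed by CRLF")
        body += buf[pos:pos + size]
        pos += size + 2
    # Trailer section: zero or more field lines, then an empty line.
    for _ in range(MAX_TRAILER_LINES + 1):
        line, pos = _read_line(buf, pos)
        if line == b"":
            return bytes(body), pos
        if b":" not in line:
            raise FramingError("malformed trailer field")
        # The field is dropped: never merged into the request headers.
    raise FramingError("too many trailer fields")

# Constructed sample: one chunked body with a trailer, then a second request.
SAMPLE = (b"5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n"
          b"GET /next HTTP/1.1\r\nHost: example.test\r\n\r\n")
```

A front end and back end that disagree on where the trailer section ends will disagree on where the next request begins, which is why the decoder returns the consumed offset alongside the body.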
For Debian 10 buster, these problems have been fixed in version 0.20.0-6+deb10u1.
For Debian 9 stretch, these problems have been fixed in version 0.19.0-6+deb9u1.
We recommend that you upgrade your python-eventlet packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.