Bug#988357: unblock: python-eventlet/0.26.1-7 CVE-2021-21419
Thomas Goirand
2021-05-11 09:30:01 UTC
Package: release.debian.org
Severity: normal
User: ***@packages.debian.org
Usertags: unblock

Please unblock package python-eventlet

[ Reason ]
CVE-2021-21419

[ Impact ]
A malicious peer may exhaust memory on the Eventlet side by sending
a highly compressed data frame.

[ Tests ]
The Eventlet package contains its own test suite.

[ Risks ]
Regression? Hopefully not. The affected code is only in the
websocket.py file.

[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing

Please unblock python-eventlet/0.26.1-7

Cheers,

Thomas Goirand (zigo)
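
The impact described in the request above, shown from the receiving side as an added example. This is not Eventlet's code and not the patch in the debdiff. It assumes the frame payload is raw DEFLATE as in the WebSocket permessage-deflate extension (RFC 7692); the function names and the 1 MiB cap are hypothetical.

```python
import zlib

# RFC 7692: the sender strips these 4 octets, the receiver re-appends them.
DEFLATE_TAIL = b"\x00\x00\xff\xff"
MAX_MESSAGE = 1024 * 1024  # illustrative 1 MiB cap (assumption, not from the page)


class FrameTooLarge(Exception):
    """A compressed frame would inflate past the configured limit."""


def deflate_message(data):
    """Build a permessage-deflate style payload (raw DEFLATE, sync flush)."""
    comp = zlib.compressobj(zlib.Z_DEFAULT_COMPRESSION, zlib.DEFLATED, -zlib.MAX_WBITS)
    return (comp.compress(data) + comp.flush(zlib.Z_SYNC_FLUSH))[:-4]


def inflate_unbounded(payload):
    """Weak form: output size is whatever the peer's payload dictates."""
    return zlib.decompressobj(-zlib.MAX_WBITS).decompress(payload + DEFLATE_TAIL)


def inflate_bounded(payload, limit=MAX_MESSAGE):
    """Hardened form: never materialise more than limit + 1 bytes."""
    decomp = zlib.decompressobj(-zlib.MAX_WBITS)
    # max_length stops inflation early; the remaining input is left in
    # decomp.unconsumed_tail instead of being expanded into memory.
    out = decomp.decompress(payload + DEFLATE_TAIL, limit + 1)
    if len(out) > limit:
        raise FrameTooLarge("message inflates past %d bytes" % limit)
    return out


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zero bytes shrinks to a few KiB on the wire.
    sample = deflate_message(b"\x00" * (8 * 1024 * 1024))
    print("wire bytes:", len(sample))
    print("unbounded output bytes:", len(inflate_unbounded(sample)))
    try:
        inflate_bounded(sample)
    except FrameTooLarge as exc:
        print("bounded inflate rejected frame:", exc)
```
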
Debian Bug Tracking System
2021-05-11 19:10:02 UTC
Your message dated Tue, 11 May 2021 19:04:08 +0000
with message-id <E1lgXfs-0000BT-***@respighi.debian.org>
and subject line unblock python-eventlet
has caused the Debian Bug report #988357,
regarding unblock: python-eventlet/0.26.1-7 CVE-2021-21419
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ***@bugs.debian.org
immediately.)
--
988357: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988357
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems