Debian Python-Eventlet vulnerabilities

CVE-2025-58068 [MEDIUM] CVE-2025-58068: python-eventlet - Eventlet is a concurrent networking library for Python. Prior to version 0.40.3,... Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted attacks against active site users, and poison web caches. This

CVE-2023-5625 [MEDIUM] CVE-2023-5625: python-eventlet - A regression was introduced in the Red Hat build of python-eventlet due to a cha... A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2021-21419 [MEDIUM] CVE-2021-21419: python-eventlet - Eventlet is a concurrent networking library for Python. A websocket peer may exh... Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage v