CVE-2023-5625

NameCVE-2023-5625
DescriptionA regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
python-eventlet (PTS)bullseye0.26.1-7+deb11u1fixed
bullseye (security)0.26.1-7+deb11u2fixed
bookworm0.33.1-4fixed
trixie0.39.1-2fixed
forky, sid0.40.3-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python-eventletsource(unstable)(not affected)

Notes

- python-eventlet <not-affected> (Red Hat-specific regression)
https://bugzilla.redhat.com/show_bug.cgi?id=2244717
Search for package or bug name: Reporting problems