CVE-2021-21419 (https://github.com/eventlet/eventlet/security/advisories/GHSA-9p9m-jm8w-94p2): Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process.

Fix in 0.31.0, we'll just depend on the stablereq here.
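The two limits the advisory describes (a cap on the declared frame length and a cap on the inflated size of a compressed frame) can be sketched as follows. This is an added example, not Eventlet's patch or code from this bug report; the function names and the 8 MiB cap are assumptions, and the sample payload is constructed.

```python
import struct
import zlib

MAX_FRAME_LENGTH = 8 * 1024 * 1024  # assumed cap for this example, not Eventlet's value


class FrameTooLarge(Exception):
    """Raised when a declared or inflated payload exceeds the cap."""


def declared_payload_length(header, limit=MAX_FRAME_LENGTH):
    """Read the RFC 6455 payload length from the frame header and reject an
    oversized frame before any buffer is allocated for its payload."""
    if len(header) < 2:
        raise ValueError("need at least 2 header bytes")
    length = header[1] & 0x7F              # drop the MASK bit
    if length == 126:                      # 16-bit extended length follows
        (length,) = struct.unpack("!H", header[2:4])
    elif length == 127:                    # 64-bit extended length follows
        (length,) = struct.unpack("!Q", header[2:10])
    if length > limit:
        raise FrameTooLarge("declared length %d exceeds %d" % (length, limit))
    return length


def bounded_inflate(payload, limit=MAX_FRAME_LENGTH):
    """Inflate a raw-deflate (RFC 7692 permessage-deflate) payload, stopping
    as soon as the output would exceed `limit` bytes."""
    inflater = zlib.decompressobj(-zlib.MAX_WBITS)
    # max_length makes zlib stop producing output instead of expanding fully.
    out = inflater.decompress(payload + b"\x00\x00\xff\xff", limit + 1)
    if len(out) > limit:
        raise FrameTooLarge("inflated payload exceeds %d bytes" % limit)
    return out


def constructed_deflate_payload(size):
    """Constructed sample: `size` identical bytes compressed the way a
    permessage-deflate sender would (sync flush, 4-byte tail removed)."""
    c = zlib.compressobj(9, zlib.DEFLATED, -zlib.MAX_WBITS)
    return (c.compress(b"A" * size) + c.flush(zlib.Z_SYNC_FLUSH))[:-4]


if __name__ == "__main__":
    small = constructed_deflate_payload(1 << 20)   # 1 MiB of input
    print(len(small), "compressed bytes for 1 MiB")
    try:
        bounded_inflate(small, limit=64 * 1024)
    except FrameTooLarge as exc:
        print("rejected:", exc)
```

The length check alone does not cover the compressed case: the constructed payload is only about a kilobyte on the wire, so the output cap in `bounded_inflate` is what stops the expansion.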
Package list is empty or all packages have requested keywords.
Please cleanup, thanks!
done.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2cae59c762dd22236d7aaec7e979b67e0c10d8a5

commit 2cae59c762dd22236d7aaec7e979b67e0c10d8a5
Author: Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2022-11-24 06:32:09 +0000
Commit: Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2022-11-24 06:36:44 +0000

    dev-python/eventlet: treeclean

    Closes: https://bugs.gentoo.org/845723
    Closes: https://bugs.gentoo.org/865499
    Closes: https://bugs.gentoo.org/827876
    Closes: https://bugs.gentoo.org/797586
    Closes: https://bugs.gentoo.org/798114
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 dev-python/eventlet/Manifest | 1 -
 dev-python/eventlet/eventlet-0.33.1.ebuild | 63 ----------------------
 .../eventlet/files/eventlet-0.25.1-tests.patch | 40 --------------
 .../files/eventlet-0.30.0-tests-socket.patch | 13 -----
 .../files/eventlet-0.30.2-test-timeout.patch | 39 --------------
 dev-python/eventlet/metadata.xml | 12 -----
 profiles/package.mask | 7 ---
 7 files changed, 175 deletions(-)