Register | Log in

gunicorn

Event-based HTTP/WSGI server

Choose email to subscribe with

general

source: gunicorn (main)
version: 23.0.0-1
maintainer: Debian Python Team (DMD)
uploaders: Chris Lamb [DMD]
arch: all
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 19.9.0-1
o-o-sec: 19.9.0-1+deb10u1
oldstable: 20.1.0-1
old-sec: 20.1.0-1+deb11u1
stable: 20.1.0-6+deb12u1
testing: 23.0.0-1
unstable: 23.0.0-1

versioned links

19.9.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
19.9.0-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20.1.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20.1.0-1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20.1.0-6+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
23.0.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gunicorn (1 bugs: 0, 1, 0, 0)
gunicorn-examples
python3-gunicorn

action needed

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2024-6827: Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.

Created: 2025-03-21 Last update: 2025-03-21 18:04

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2024-6827: (needs triaging) Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-03-21 Last update: 2025-03-21 18:04

debian/patches: 4 patches to forward upstream low

Among the 4 debian patches available in version 23.0.0-1 of the package, we noticed the following issues:

4 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2024-08-15 10:44

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.1).

Created: 2022-12-17 Last update: 2025-02-27 13:24

news

[2024-12-29] Accepted gunicorn 20.1.0-6+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Adrian Bunk)
[2024-12-20] Accepted gunicorn 20.1.0-1+deb11u1 (source) into oldstable-security (Adrian Bunk)
[2024-08-17] gunicorn 23.0.0-1 MIGRATED to testing (Debian testing watch)
[2024-08-14] Accepted gunicorn 23.0.0-1 (source) into unstable (Colin Watson)
[2024-06-30] Accepted gunicorn 19.9.0-1+deb10u1 (source) into oldoldstable (Markus Koschany)
[2024-05-30] gunicorn 22.0.0-1 MIGRATED to testing (Debian testing watch)
[2024-05-27] Accepted gunicorn 22.0.0-1 (source) into unstable (Colin Watson)
[2022-11-03] gunicorn 20.1.0-6 MIGRATED to testing (Debian testing watch)
[2022-10-31] Accepted gunicorn 20.1.0-6 (source) into unstable (Jelmer Vernooĳ) (signed by: Jelmer Vernooij)
[2022-10-31] gunicorn 20.1.0-5 MIGRATED to testing (Debian testing watch)
[2022-10-28] Accepted gunicorn 20.1.0-5 (source) into unstable (Jelmer Vernooĳ) (signed by: Jelmer Vernooij)
[2022-10-21] gunicorn 20.1.0-4 MIGRATED to testing (Debian testing watch)
[2022-10-19] gunicorn 20.1.0-3 MIGRATED to testing (Debian testing watch)
[2022-10-18] Accepted gunicorn 20.1.0-4 (source) into unstable (Antonio Terceiro)
[2022-10-17] Accepted gunicorn 20.1.0-3 (source) into unstable (Jelmer Vernooĳ) (signed by: Jelmer Vernooij)
[2021-11-05] gunicorn 20.1.0-2 MIGRATED to testing (Debian testing watch)
[2021-11-02] Accepted gunicorn 20.1.0-2 (source) into unstable (Chris Lamb)
[2021-02-27] Accepted gunicorn 20.1.0-1~bpo10+1 (source all) into buster-backports (Chris Lamb)
[2021-02-27] gunicorn 20.1.0-1 MIGRATED to testing (Debian testing watch)
[2021-02-17] Accepted gunicorn 20.1.0-1 (source) into unstable (Chris Lamb)
[2020-03-27] Accepted gunicorn 20.0.4-4~bpo10+1 (source all) into buster-backports (Chris Lamb)
[2020-03-27] gunicorn 20.0.4-4 MIGRATED to testing (Debian testing watch)
[2020-03-24] Accepted gunicorn 20.0.4-4 (source) into unstable (Chris Lamb)
[2020-03-16] Accepted gunicorn 20.0.4-3~bpo10+1 (source all) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Chris Lamb)
[2020-03-01] gunicorn 20.0.4-3 MIGRATED to testing (Debian testing watch)
[2020-02-27] Accepted gunicorn 20.0.4-3 (source) into unstable (Chris Lamb)
[2020-02-10] gunicorn 20.0.4-2 MIGRATED to testing (Debian testing watch)
[2020-02-07] Accepted gunicorn 20.0.4-2 (source) into unstable (Chris Lamb)
[2019-12-01] gunicorn 20.0.4-1 MIGRATED to testing (Debian testing watch)
[2019-11-29] Accepted gunicorn 20.0.4-1 (source) into unstable (Chris Lamb)

1
2

bugs [bug history graph]

all: 3
RC: 0
I&N: 3
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 23.0.0-1
2 bugs (1 patch)

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing