{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"High"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https://www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"python-waitress security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for python-waitress is now available for openEuler-22.03-LTS-SP3",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"Waitress is meant to be a production-quality pure-Python WSGI server with very acceptable performance. It has no dependencies except ones which live in the Python standard library. It runs on CPython on Unix and Windows under Python 2.7+ and Python 3.5+. It is also known to run on PyPy 1.6.0+ on UNIX. It supports HTTP/1.0 and HTTP/1.1.\n\nSecurity Fix(es):\n\n(CVE-2024-49769)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for python-waitress is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP1/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.09.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"High",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"python-waitress",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2024-2375",
				"category":"self",
				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2375"
			},
			{
				"summary":"CVE-2024-49769",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-49769&packageName=python-waitress"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49769"
			},
			{
				"summary":"openEuler-SA-2024-2375 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-2375.json"
			}
		],
		"title":"An update for python-waitress is now available for openEuler-22.03-LTS-SP3",
		"tracking":{
			"initial_release_date":"2024-11-08T23:10:30+08:00",
			"revision_history":[
				{
					"date":"2024-11-08T23:10:30+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				}
			],
			"generator":{
				"date":"2024-11-08T23:10:30+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2024-11-08T23:10:30+08:00",
			"id":"openEuler-SA-2024-2375",
			"version":"1.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
									},
									"product_id":"openEuler-22.03-LTS-SP3",
									"name":"openEuler-22.03-LTS-SP3"
								},
								"name":"openEuler-22.03-LTS-SP3",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
									},
									"product_id":"python-waitress-2.0.0-5.oe2203sp3.src.rpm",
									"name":"python-waitress-2.0.0-5.oe2203sp3.src.rpm"
								},
								"name":"python-waitress-2.0.0-5.oe2203sp3.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"noarch",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
									},
									"product_id":"python3-waitress-2.0.0-5.oe2203sp3.noarch.rpm",
									"name":"python3-waitress-2.0.0-5.oe2203sp3.noarch.rpm"
								},
								"name":"python3-waitress-2.0.0-5.oe2203sp3.noarch.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
				"product_reference":"python-waitress-2.0.0-5.oe2203sp3.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP3:python-waitress-2.0.0-5.oe2203sp3.src",
					"name":"python-waitress-2.0.0-5.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
				"product_reference":"python3-waitress-2.0.0-5.oe2203sp3.noarch.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP3:python3-waitress-2.0.0-5.oe2203sp3.noarch",
					"name":"python3-waitress-2.0.0-5.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2024-49769",
			"notes":[
				{
					"text":"Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername(), waitress won't correctly clean up the connection, leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very few resources required. Waitress 3.0.1 contains fixes that remove the race condition; for openEuler-22.03-LTS-SP3, this advisory lists the python-waitress 2.0.0-5.oe2203sp3 packages as fixed, so the upstream version number alone does not indicate whether a host is patched.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-22.03-LTS-SP3:python-waitress-2.0.0-5.oe2203sp3.src",
					"openEuler-22.03-LTS-SP3:python3-waitress-2.0.0-5.oe2203sp3.noarch"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-22.03-LTS-SP3:python-waitress-2.0.0-5.oe2203sp3.src",
						"openEuler-22.03-LTS-SP3:python3-waitress-2.0.0-5.oe2203sp3.noarch"
					],
					"details":"python-waitress security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2375"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"HIGH",
						"baseScore":7.5,
						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
						"version":"3.1"
					},
					"products":[
						"openEuler-22.03-LTS-SP3:python-waitress-2.0.0-5.oe2203sp3.src",
						"openEuler-22.03-LTS-SP3:python3-waitress-2.0.0-5.oe2203sp3.noarch"
					]
				}
			],
			"threats":[
				{
					"details":"High",
					"category":"impact"
				}
			],
			"title":"CVE-2024-49769"
		}
	]
}