-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 03 Jun 2025 13:27:39 +0200
Source: python-tornado
Architecture: source
Version: 6.2.0-3+deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Closes: 1105886
Changes:
 python-tornado (6.2.0-3+deb12u2) bookworm-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2025-47287.patch: Add patch to fix CVE-2025-47287.
     - When Tornado's 'multipart/form-data' parser encounters certain errors,
       it logs a warning but continues trying to parse the remainder of the
       data. This allows remote attackers to generate an extremely high volume
       of logs, constituting a DoS attack. This DoS is compounded by the fact
       that the logging subsystem is synchronous (closes: #1105886).
Checksums-Sha1:
 4d88854164a708f4acf181a2397d7e67137c14f1 2559 python-tornado_6.2.0-3+deb12u2.dsc
 9e809453db3a3347b7c0e7837a189833247e0828 519040 python-tornado_6.2.0.orig.tar.gz
 068024e3b3bcf285e63b1702d40bbab7b84a9422 15600 python-tornado_6.2.0-3+deb12u2.debian.tar.xz
 ef9d98d59ca35c105ebc610846836a1463094d1b 10494 python-tornado_6.2.0-3+deb12u2_amd64.buildinfo
Checksums-Sha256:
 3f0add8aac3e118c3a72045c41c200138ff9e097aa334dbbf983e5a6cc236353 2559 python-tornado_6.2.0-3+deb12u2.dsc
 c2e902e4771eb90b057c7629fa239a59ecae63052919c3b5e61253f2c8a5f0d6 519040 python-tornado_6.2.0.orig.tar.gz
 ee4503f50b56a2e41dd6646e6eabffea52fff79a5cba0a9d80631208c1dd6d55 15600 python-tornado_6.2.0-3+deb12u2.debian.tar.xz
 4d233ff7b91a450178673f15dcb801f505b73e394215cf6f238a4b9ca6f568c6 10494 python-tornado_6.2.0-3+deb12u2_amd64.buildinfo
Files:
 3c10d3e3161e4cc37fe6ed85762b51ac 2559 web optional python-tornado_6.2.0-3+deb12u2.dsc
 ac5546f18d57171df7f711aefbd518c6 519040 web optional python-tornado_6.2.0.orig.tar.gz
 81f17a3245e79ef715db2ae6e2a10ba5 15600 web optional python-tornado_6.2.0-3+deb12u2.debian.tar.xz
 f587a690d8b1e89eb1ca2080c00b1f46 10494 web optional python-tornado_6.2.0-3+deb12u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmhAttMACgkQS80FZ8KW
0F1FEQ//SZY0ATG13ttQ5Hy9Ih+TS+T+vmYvBn9QTi4BGTEnppfbPyNb53ylLuox
Ma+diWFY5CLnYtH3dlfCZVwkPASbxaIRw2xt6J4KYzxS7aUyTolRMcwQYIb0o7YG
VS268Tx0Vp6borKNrG/wk7DjlFtp7EoIYu3uIKd2txdOxLtTgsfI304nj3bod3M9
tQ3uMSk3e/L6EvRaoySX4KvxLklT/QE94vTkNh+uT2n0Mo28c902n5vCheEJmEEP
eaNuYRiwZon4mAASBAxTpipLeKJ1okSMp14hdyvnAd3ZQu2Cv8ThpJDjuqM88NBf
5mkxo0IWz8vv+SPzF3Sry66soZzPPmZ9kvcJ3ak1LA3QAb8G1wFgJNzn1SeCCRvS
8gXSPNisZ6dWsXYs+CLCnqmcR7GRueRswoS71QixLvAFpyvn6WvfqoLZyaTrJ84w
pVAZKYJVGAdmuKdEWdkFA5VyMSuRcuOtmVjrUfiF7ataQ1uCUEEBUSfeCDX+W1Uq
KNEXNZ8KIbO8YVvA5z8CzxlZHT3TnIiBNj6IJlokmw5I/NFitWmhx7lHDnomJ8KC
icQy5tUWK6H87SSl4qlXfFR43QiBDEhtpERCM3HAYulvqB9yF7wLxp7llHMCxktN
y0Hc2QP4/FH5qxjtaVtcpx4u68SXPgslRjODfBeF+SsmWYnrIx8=
=rHCe
-----END PGP SIGNATURE-----