-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 03 Jun 2025 13:27:39 +0200
Source: python-tornado
Binary: python-tornado-doc
Architecture: all
Version: 6.2.0-3+deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Description:
 python-tornado-doc - scalable, non-blocking web server and tools - documentation
Closes: 1105886
Changes:
 python-tornado (6.2.0-3+deb12u2) bookworm-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2025-47287.patch: Add patch to fix CVE-2025-47287.
     - When Tornado's 'multipart/form-data' parser encounters certain errors,
       it logs a warning but continues trying to parse the remainder of the
       data. This allows remote attackers to generate an extremely high volume
       of logs, constituting a DoS attack. This DoS is compounded by the fact
       that the logging subsystem is synchronous (closes: #1105886).
Checksums-Sha1:
 ea258d8d4c098117ea882e644c16b6fd269e6529 608568 python-tornado-doc_6.2.0-3+deb12u2_all.deb
 5da5bb4e6c6033499efa58bd42f3f58492bf6322 9398 python-tornado_6.2.0-3+deb12u2_all-buildd.buildinfo
Checksums-Sha256:
 ba19be51688fe26af4062dac1bf643ba6fcf2ad0e4f81b4c96b7b87011dc01f7 608568 python-tornado-doc_6.2.0-3+deb12u2_all.deb
 05f79ad275477a682b019db09d296592ab38281121ab085f8e1f70e9db224171 9398 python-tornado_6.2.0-3+deb12u2_all-buildd.buildinfo
Files:
 5f18902b8273f8aab0de0ce8f3053944 608568 doc optional python-tornado-doc_6.2.0-3+deb12u2_all.deb
 62c6738bd045240286b4235f09f9ab37 9398 web optional python-tornado_6.2.0-3+deb12u2_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEj4Fym5GgeZdPqKhrJm69HxMTN+oFAmhAvOcACgkQJm69HxMT
N+o0fw/+OZrPP+YE8NnbmQyLqAFe7AukUgYcSj7pPMFGFffTsuxAgolg9DGZwcnK
VpG1wyElVrrg6BRHb13UZ7EDNHGB8eWnseI69qvsW9mSejeCPdbJq6x2jTaqdFZq
gna92URkGQb/f/xBH75cPZIslzYcFqok7UvtgxkCxlLDN/r9ynV3Ij2yRsFuod1g
uKbHFTBabRPIGab5ei/qjJOx9tugZwcjp8KzDbHQb+AWvEeCpPXrHo7hkwVOm1S6
SG9G/0dg9ikGsnBtWJViITRN7+UIAOAbqEnMaborSaB7oEZYUWBvTcv+bGcYNeB/
Hyc5yxOP5m3s9xxXtiSmiT9mBnqC2RxTe6wkvHVkIvXmHPSqsxOnVsk/JpZ0RamJ
Ndc5yEPhzpZBhPeXpqZ4hNfbIZIVYqMuMKcNdRtFYDE+p7cEBnrlSr1VPl0IrX/3
TrFC5Co2MrWtQh8aU2TDPe2VClvKYePnEX1rFbec75cYFGr56NsGJBPau2ZmVL/o
IZgPLnJj85rd7YGWJKGIyKaSjInBaPHJWnMnvStaf+3Jj/otjUonsCPRfxDHiWVh
hQ4i+Yvfa+mrJoyXG9Oo9NAhqT+5fzMaDQounAR+AMuwUIywIbu1MhPFTVjiHdld
LxTe6os/wneNEsZ2dOXAH5APxG6IR7pEoZZeg8jLzhwg7H8NISo=
=G29D
-----END PGP SIGNATURE-----