-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Jun 2025 13:27:39 +0200 Source: python-tornado Binary: python3-tornado python3-tornado-dbgsym Architecture: amd64 Version: 6.2.0-3+deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) Changed-By: Daniel Leidert Description: python3-tornado - scalable, non-blocking web server and tools - Python 3 package Closes: 1105886 Changes: python-tornado (6.2.0-3+deb12u2) bookworm-security; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2025-47287.patch: Add patch to fix CVE-2025-47287. - When Tornado's 'multipart/form-data' parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous (closes: #1105886). Checksums-Sha1: 108c257a2c2155beeb6d16a7cfdfd34958e3992f 9705 python-tornado_6.2.0-3+deb12u2_amd64-buildd.buildinfo 9c7edc87923484904aea037ffb1c11a2e99c7578 4444 python3-tornado-dbgsym_6.2.0-3+deb12u2_amd64.deb e9f9826c6082cdc147c1878f94e2840e7d905e79 338524 python3-tornado_6.2.0-3+deb12u2_amd64.deb Checksums-Sha256: 23fa1677d6fa17827dab1a5a521f362d63d9adbc9042bfe376e18f239b1b5b54 9705 python-tornado_6.2.0-3+deb12u2_amd64-buildd.buildinfo a122a6a2880153a0ca1d35478070120cc3fefab18847bc35c2f9c6a3deadc0fd 4444 python3-tornado-dbgsym_6.2.0-3+deb12u2_amd64.deb f06b63b9ef2e4e2e85474db6797bdff2082364d49a95d77f73b87bbfb10b70c5 338524 python3-tornado_6.2.0-3+deb12u2_amd64.deb Files: 6881151da484c52aa431069e9d212e4e 9705 web optional python-tornado_6.2.0-3+deb12u2_amd64-buildd.buildinfo ff86ed757f0dc385c44e84c1564613d9 4444 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u2_amd64.deb 96cea837d91ae1f6680d47e31cfdfc98 338524 web optional python3-tornado_6.2.0-3+deb12u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErwLLVsiCiGZggzpHJuP6X4A0XeIFAmhAvP0ACgkQJuP6X4A0 XeKuEw//ar9KNOG/Cmdlm/AgWdkp/PbZp+EKrOXi+eBuanGTi+eFFaTBdxxm71U2 dPV+toefipf9DMFuMJaOZbnUg+9+XrGmsr+7baway8w8JrSYnhBJc9Fkeqx8ztdr 8LMN/j6eW+CpXeQiolv8Ild/RU4XI9y2zpoKNiY89QYIX/3ygdr+YBA9+Yqcgonr 3rhOMH+oD7dr5LZ+AhppftHDAIRvazOrs9UySk4oIeCV3Bj2CEuaShGTPXbRPqKM nN/zZo7hmVfhfxDsmNJ2TXn3PO37SDgdJZGRwcTtre/924JkwEsl2mBAd1yF7dif pTFTVPSXwwmewbUzYo4qTIWq6lW5nieOpbTGVL2SY9NUEvs3iWm0aobeuBHyt3oB CXsvDl4cEVralMj+r/a4Wak/ndvsEU7rHOEi7ajGiqqKvqrNRQWc45Mlqko5LTrE wUzMEhp+f0CdGfTspm9eDPkycNbcdFNM4MyT0UGoaNGrQp9u7mLEvH5UhVOglyhf e8UvPz7+/0cVyJM+zXO+bUWDWKypyblPqJkaL7RUM8oaqExR114J55mSkcpNat0z QezxQxwLOVdWJ+5wpB2XNJtNByKqrcNkYiXkaO2+M3q5OEG88qxMMAUWOLHyem5A GAyq/eAz7z/RZy5Pf9TGTawSC9CA0GR6T5CwlFr2y3yJRH9WQ/c= =dpnW -----END PGP SIGNATURE-----