-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Jun 2025 13:27:39 +0200 Source: python-tornado Binary: python3-tornado python3-tornado-dbgsym Architecture: arm64 Version: 6.2.0-3+deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: arm Build Daemon (arm-ubc-02) Changed-By: Daniel Leidert Description: python3-tornado - scalable, non-blocking web server and tools - Python 3 package Closes: 1105886 Changes: python-tornado (6.2.0-3+deb12u2) bookworm-security; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2025-47287.patch: Add patch to fix CVE-2025-47287. - When Tornado's 'multipart/form-data' parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous (closes: #1105886). Checksums-Sha1: 476717b9f68b767485413dbdd68bba3ffb5e74e5 9704 python-tornado_6.2.0-3+deb12u2_arm64-buildd.buildinfo b79b9d60b78dc8ae792469f1718633ab7eacf901 4572 python3-tornado-dbgsym_6.2.0-3+deb12u2_arm64.deb aa11a93550c9f75576233fa67cf900aea4ae07c4 338696 python3-tornado_6.2.0-3+deb12u2_arm64.deb Checksums-Sha256: 1036b5ff11a52449dc03f722495fa996918a8d92e77cb1519aa1eca855eee0bd 9704 python-tornado_6.2.0-3+deb12u2_arm64-buildd.buildinfo fffa70a44a77a0fa07b5a45f681716c0309458bddb3d41ac0c4495c2e0aff04a 4572 python3-tornado-dbgsym_6.2.0-3+deb12u2_arm64.deb a29fb7131996fdde4e9c659a8c22b909d38856f20315665fd5788dd962b77a4b 338696 python3-tornado_6.2.0-3+deb12u2_arm64.deb Files: f9f4e0b14f969aeaa1ab5714f0d7c192 9704 web optional python-tornado_6.2.0-3+deb12u2_arm64-buildd.buildinfo ebfe973b095dd4582c2994a22a32c61b 4572 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u2_arm64.deb 511215332bb8fb7cf550192e6b455970 338696 web optional python3-tornado_6.2.0-3+deb12u2_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEbIns2iWsAAdAqh2MS/ZIXkV8oLAFAmhAvWUACgkQS/ZIXkV8 oLBxABAAnAgOLq9RErAN8MtfYbIUiJGTlgXMQr85Vp0yNswXgTEsuqobaa/lVECd F50qW5HqHiEbRowGw6cM2zbG5g/+fV4KYzGg5RTPK5T94Goau45RwSwlevFgXfQP WM6O9VQc7UUm3bOmaX66mO4Wxey/b/a//zoieI2KMQ9S9R2nlOdoQRP7qIBNqiN5 ZGwKK5QfesBPNDYkgHAbKYeW9N5lm6krzssyp6bylIsYXbmCmw43NjTfKt/bWB4Y L08LmJSEc/+iOr3nW61zqO5iGp5zUaq+G+tyC5svDal+x3Nb+IWgi7bIwsTCzLU5 5hW30jFQFHquHEDAFHt8ME349/2gI+h92zye++kB9L/RJ5UytjLEakitkupFbaZj Wp7C0G59IYb5hL5FnI8ROw+SK7Achg6MMU4n6L65G1zzGFszdNDnAonLfMijKf/P b7/DnLqVojV0CPFXI9JXLCvltCmOVzfcFFliE/lFnm7zP/1Sj7FqcPzwVu2W7LQH IELCoLO92nyvt91iVz9Avek6BaIklDoQ8NoaSM5NN/ZkJ83yfIbYNuc6+INLfh7Y 8/kS3GAoBe2Kvg70y1RYVfxbpbwOsdF/vWlTlFlghZxD533kbPrT7EJySnMe2PQd ycxJRhoqq3pfCj1LUQxEJ4R2taZgrdLDz2yQZ+AByVnHNGVn0/A= =k84b -----END PGP SIGNATURE-----