-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 03 Jun 2025 13:27:39 +0200
Source: python-tornado
Binary: python3-tornado python3-tornado-dbgsym
Architecture: armhf
Version: 6.2.0-3+deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-03) <buildd_arm64-arm-conova-03@buildd.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Description:
 python3-tornado - scalable, non-blocking web server and tools - Python 3 package
Closes: 1105886
Changes:
 python-tornado (6.2.0-3+deb12u2) bookworm-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2025-47287.patch: Add patch to fix CVE-2025-47287.
     - When Tornado's 'multipart/form-data' parser encounters certain errors,
       it logs a warning but continues trying to parse the remainder of the
       data. This allows remote attackers to generate an extremely high volume
       of logs, constituting a DoS attack. This DoS is compounded by the fact
       that the logging subsystem is synchronous (closes: #1105886).
Checksums-Sha1:
 400b51f7e7eea72ba1b91496a1fb6bd08ac560f2 9548 python-tornado_6.2.0-3+deb12u2_armhf-buildd.buildinfo
 c65e79bd7a4d84912c3a860205955188ab6ef1e6 4572 python3-tornado-dbgsym_6.2.0-3+deb12u2_armhf.deb
 674b229ccddc6fec044a9194f61b22bbc225e545 338252 python3-tornado_6.2.0-3+deb12u2_armhf.deb
Checksums-Sha256:
 0eb897dbf001c3ab3f63301398c4c2d0e0897e246f0eda5de497cfc5b3ed6770 9548 python-tornado_6.2.0-3+deb12u2_armhf-buildd.buildinfo
 77941770c3aba80cfe28e6e752a2ff6c83bd24c72e008114a6b29d3ab605bdbc 4572 python3-tornado-dbgsym_6.2.0-3+deb12u2_armhf.deb
 e65a13cdc19ad04e610bfb7045c8f3f246c975ebc55d397e2d7a3ac9a1c3ead1 338252 python3-tornado_6.2.0-3+deb12u2_armhf.deb
Files:
 8c51d1eb1f7065ea831fd58ef43664a4 9548 web optional python-tornado_6.2.0-3+deb12u2_armhf-buildd.buildinfo
 04de2457963a8404f41d0d908d3e302f 4572 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u2_armhf.deb
 a3ad079253ccbad9a1e9ca7b62a41f88 338252 web optional python3-tornado_6.2.0-3+deb12u2_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEVM4SKBZumztS8zr3lST9Us03ywsFAmhAvNIACgkQlST9Us03
ywsngg/7B0aewS2FxUFi1uebnEgpdRSVHH1LZCkyYDzpMvaH6Kty1lp1UKG2AeYH
yrlU0huVYgDdLDGlySJsgr4IoeYXHlyn/asfPOFWfTd2OfvheerhClALq1bN+dJZ
daPksrBqHFT9gYchQrZDjYvPkY3BQb5D5OkmYArHGxqpKnc/gLpCfiwc3DWIpq32
emQssMZbKLb7RZ//0Z85nh7gHQaWjsW+16e2Oc5r2usDb6ByVLvd59YUTH9lyLnA
YDE4FTNq2BvzxJy0OhOc1/+c7JhAs/DLd+mXsAuoIcaKlS5UrZFeYdefQ5c+oEW+
13fiwkJROBnJYk/aFbv09UAjC4hqIieDi7cQGWLwbdjtFk5ISHeggJ1rHRLtYp3d
id51dEYCPph60QkUl+qNuYMDmXg2iuPGHzlo1hThOs58eNyA7+oTs0+ELrv2Razu
lneYCIR+AAvVzuRIaJ24N4NGJeIyVj61CRrsgYCFeinkzU83Kg/0aU1wbv7Z66mf
7OUdMSIifDSKqcWQcZR/nYMlfIHajvg3nTYyg54Vqhdd+dUZdosqr0ZtmM7Mldpy
bb5hqNxkX7c/fc4BUetHnEtvyXTTlBCwwr8iUj9mp/HiN9UlYYh7YvFK0KwoJImn
UC0xyDpxxRCjV2NMr7cXZqMb0AsNpQorq/rnl/L7vbPfqMAu/9I=
=euEI
-----END PGP SIGNATURE-----