-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Jun 2025 13:27:39 +0200 Source: python-tornado Binary: python3-tornado python3-tornado-dbgsym Architecture: i386 Version: 6.2.0-3+deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Daniel Leidert Description: python3-tornado - scalable, non-blocking web server and tools - Python 3 package Closes: 1105886 Changes: python-tornado (6.2.0-3+deb12u2) bookworm-security; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2025-47287.patch: Add patch to fix CVE-2025-47287. - When Tornado's 'multipart/form-data' parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous (closes: #1105886). Checksums-Sha1: d96f99ab1c2fd8f892ccd6f1722aa5c09fc32c11 9645 python-tornado_6.2.0-3+deb12u2_i386-buildd.buildinfo 7afca6d0f19ba290edeb057c6826daa6ec50b4fb 4220 python3-tornado-dbgsym_6.2.0-3+deb12u2_i386.deb b79a04a5f8e75f92d75ecc2ce1708f91737f45f3 338560 python3-tornado_6.2.0-3+deb12u2_i386.deb Checksums-Sha256: 99cdb4b7c976ab025300356a4695747dd5723370525f955220e9be169fe1a40b 9645 python-tornado_6.2.0-3+deb12u2_i386-buildd.buildinfo 6ec374c1f13d56a0ef4e1fd9719c4d76d43381687dda8e7c159c4ff9f8c7b0cf 4220 python3-tornado-dbgsym_6.2.0-3+deb12u2_i386.deb 64e2d82fc01bb1f9a71a0455bf07bf2f47d993c6d6194209a6aa99b2933532e1 338560 python3-tornado_6.2.0-3+deb12u2_i386.deb Files: 149a2cfbbe5c5335b805f3d6d27866ff 9645 web optional python-tornado_6.2.0-3+deb12u2_i386-buildd.buildinfo f819972d22325cfc1f90e7d0d5f34bea 4220 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u2_i386.deb 43336d5a77d143ed026ddf7855d1d0ad 338560 web optional python3-tornado_6.2.0-3+deb12u2_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEv2qEY4xQXyY/2dWIvGw9w6VrLCcFAmhAvOAACgkQvGw9w6Vr LCeT2g/9GQ/+caKXXs+GUFrXl3kSZ6aF/+l2JsJRyBog4p4PVZBZdfBgFGjN07X4 rMHQfHNnaF0fwfv7kJN1DZnScsRg+wX2i7XwiTrWaRXfCS9QmG7fyp2M8/NfSBKK 7svoeJlL9XUOW56jN5k1foEaQOY+4h64dkzAhLKA9R2xEO6nu/deNbShtw4AUBW2 CfQKa0Ox0Dz+NcB7MwHsZuZ4vYX/cun6+gjnQZjl2CTC8PN/4E1UD2POOHaov6M+ I8YYNcfeoRUPMqdEHDSzo9Nu0jrYtsTuLeTm/zUWvzr8vNiMpNwCIssqfNmaF/EH MP7FWdkGZG4iq3FyqvBnhSrSbZWtSME0+kMhrROIgum4glMWNzW92nr7utXzvYDg HxlaLBcov6y6nanQP5DtIX9vYFe4mm+fp4ithbSOHaeX6VP4MBthVdKjn6Gafzfh KKXCH8L8z/iDLgP85zZlgdCRdqAkvyjoJLXOt32LE8vSH2Hw2mUsQUiQxpepyt8o CYDC//lwmLVhwFhfiHmQxcC6ume4cppQBJuA0pcw0NZP9A+1kY6cnLh5FIeYZPA7 3gdgo9cPnuEjhC6zcqc5O3GEIsbkCJAWZwyEmtkH6yEG1epLn/kDBifylRSj9x5N WXS0r4AqZXEHjW+hrAQK6wPY2nrhFSdftC6Dgg5eFM0bh0vSey0= =MbKO -----END PGP SIGNATURE-----