-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Jun 2025 13:27:39 +0200 Source: python-tornado Binary: python3-tornado python3-tornado-dbgsym Architecture: ppc64el Version: 6.2.0-3+deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: ppc64el Build Daemon (ppc64el-osuosl-02) Changed-By: Daniel Leidert Description: python3-tornado - scalable, non-blocking web server and tools - Python 3 package Closes: 1105886 Changes: python-tornado (6.2.0-3+deb12u2) bookworm-security; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2025-47287.patch: Add patch to fix CVE-2025-47287. - When Tornado's 'multipart/form-data' parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous (closes: #1105886). Checksums-Sha1: 9321208b2a00b2745a9142b022b56f2142251a67 9717 python-tornado_6.2.0-3+deb12u2_ppc64el-buildd.buildinfo 1114bd6988e94ca6e36d085abd3f86be9662b0f9 4572 python3-tornado-dbgsym_6.2.0-3+deb12u2_ppc64el.deb 7f1e2e3d3d932216c3c6ac1f80db78dac3802c80 338832 python3-tornado_6.2.0-3+deb12u2_ppc64el.deb Checksums-Sha256: 122de8ea594ab494b4b6e0a9aa1fa9dfc6186e71a2dbd36254e8f153f1a23aae 9717 python-tornado_6.2.0-3+deb12u2_ppc64el-buildd.buildinfo 432580e5ab173f75ed979e19377c389f8f40a1101c053b33d48dd705dc8d5ecb 4572 python3-tornado-dbgsym_6.2.0-3+deb12u2_ppc64el.deb c7b270ca8d946851e44012186ff5267e58bf3a14b4d71dc6de5ec44296aeef1a 338832 python3-tornado_6.2.0-3+deb12u2_ppc64el.deb Files: 0166b8dc9806c0207b41d6177b7eff11 9717 web optional python-tornado_6.2.0-3+deb12u2_ppc64el-buildd.buildinfo 9a3582964745ce5defd127ae0b20f3da 4572 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u2_ppc64el.deb 62632ec18f61d46d68f926f7e83570ad 338832 web optional python3-tornado_6.2.0-3+deb12u2_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYo4fOZBRi9qmvTxH1PowSTJ8+YQFAmhAvMwACgkQ1PowSTJ8 +YSEExAApqgMuz1kOzWC463AfKU9V6Hxirz1LH13NuokLpdcHybEfaB4qeRo5SaA 7Wde9RWPL0dRoBUtZPsYswlOHhWB0/aYRFgf+duU5IKPCNuuJMCRG8H1T5dX+wK/ 1LMIr6Ps8pS9LDPCDdkrLDooDfYpz1kpBulPpNE5scwhFzZuvIhJFSFC8HQR94J9 TMHn/YtItuBFrgxMOVdm1rS7mJxbeUG5HidVBNNW6TFcFQWO2Pa9Inz5gm/DEV0B mFQ/AtyFOh44bxG4vS6a+nAj8sLJFGIk7FAX8p3y/DxTY2So17UcrQmtbXxFehPU gzF/Kmak6PVAldko+9nShBFrzF616fMeD4/yxHeUtNq9e0uIIjvcFuqj/Er2P9Jw qaXfWLJVpSwHRVqBFzpbKpQXFpg8kpIO4BSv2yIq93nwWOaWYFGDlm/TE2F2NApX q4JDLQr4d2qF3WdjL1zGqW5279o0waaLSbrMTBxtigLWv+DsCJ40QVYEJQ/lWkeW HStLghSAuhgT3oTZdUJE624nCl6oKOnODQnPVNrRTAyS/2onVx70/7bVFN/DNxmR pbhdtyysQfrPhUOyRw+RD5OgNCXNWWQ9mbyYNpm99VZS1Pbq///rPefafSM6N0Oy zNKkTbfyAcXo3EEN6ZKRwlBuXHfo2I6YjTxAHuBo7cTZmyw5ItE= =qEvn -----END PGP SIGNATURE-----