-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 31 Dec 2024 01:53:59 +0100 Source: python-tornado Binary: python3-tornado python3-tornado-dbgsym Architecture: amd64 Version: 6.2.0-3+deb12u1 Distribution: bookworm Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) Changed-By: Daniel Leidert Description: python3-tornado - scalable, non-blocking web server and tools - Python 3 package Closes: 1036875 1088112 Changes: python-tornado (6.2.0-3+deb12u1) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2024-52804.patch: Fix CVE-2024-52804 (closes: #1088112). - The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. * d/patches/CVE-2023-28370-1.patch, d/patches/CVE-2023-28370-2.patch: Fix CVE-2023-28370 (closes: #1036875). - Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. Checksums-Sha1: 98027653c25761df1b25711267c8d54944d009d0 9522 python-tornado_6.2.0-3+deb12u1_amd64-buildd.buildinfo eb27e0ab6baa6926031a4950b809e8f7c5f3e207 4432 python3-tornado-dbgsym_6.2.0-3+deb12u1_amd64.deb b81efeb4fd45ede0d9b3d83cccad5644c39efaaa 338240 python3-tornado_6.2.0-3+deb12u1_amd64.deb Checksums-Sha256: bdc83c7ebe21006b4ba6561a97a76975eca739c1402a3073076c9794284bc8bb 9522 python-tornado_6.2.0-3+deb12u1_amd64-buildd.buildinfo 88560fd3563191f84b6bc4dfb291d660196079f95927bf528480ed43a7e59197 4432 python3-tornado-dbgsym_6.2.0-3+deb12u1_amd64.deb d58f3ff3bf87c14c09e6fcde825fe8dac3d7c3d328e2a33cee1147be373d31f9 338240 python3-tornado_6.2.0-3+deb12u1_amd64.deb Files: f22b063437d003f1909e0bf0f7ef6af1 9522 web optional python-tornado_6.2.0-3+deb12u1_amd64-buildd.buildinfo e5461c8a79b1b3bc6872de593b5f64eb 4432 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u1_amd64.deb e7e226bd0e9581b094ce6dc6808b6b2a 338240 web optional python3-tornado_6.2.0-3+deb12u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEe8x49oT2k+seQstpgDm7h4zfCpIFAmd4MaIACgkQgDm7h4zf CpI1SA/9Ght1uyyzhGA03brUKm9m0KXaJrcgdmg8JUHHyqmEsU/U7sWQa2JI5vxc xkkI4gMUd/Iixse1OM9KQ3y7NIEpP17oKvvAPiN4+5rM8LROc3+k7MOnJcxsmtzq xwxWMkL/y4yCKN+Wj7C8UpK3LRaRmjBhmZ956BNw8fnMtF/x4++AZZqIlXWnl0Sy +ogneRCb+yESuiRTBaux2/sNVG/rCTmCV1fn3WYPfI/G66/7Hi7fyntsvSeKHXJT bh+cFe1+Sk3E3do0jflyJcau4iVkJS79RaejpzVilH+q6rgmb9oECaHik9Dv6LLY Lpa2i2wojb4yHDw7BeWOHtuuqAqwC7oO/slobYeu8PS7aNzFm13BTBOZAgvs4+eE Z8UMIyIGb4B/X/br9SthKo2h/CMRLSnIHnOKNI2mdXsSPptlUuZooavKSbwgM4ma zaaj+o5sONifXMiH7mIZg9zPNGTAynvW6cUz3Ae9joTiYOYBHKrbMY4EnF4JvHuh mEzxi/cgTLLJYK9vmk9EuYAB+e+K6D+vnBKZISGL6C69CieFCngmLzZxMUY3oiIv bxP8H4knlBs2Nh5XYTKoaEqMtCAAS4EEa0ZAonZHIZ4JhgBK00FP7HQ/gyC+RGv4 TcAQc9rGXSywTZ2LP0pBhIrhjskJ10pIJWtM2FvNOr3xD9uJUhI= =JYf1 -----END PGP SIGNATURE-----