-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 31 Dec 2024 01:53:59 +0100 Source: python-tornado Binary: python3-tornado python3-tornado-dbgsym Architecture: armel Version: 6.2.0-3+deb12u1 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-conova-03) Changed-By: Daniel Leidert Description: python3-tornado - scalable, non-blocking web server and tools - Python 3 package Closes: 1036875 1088112 Changes: python-tornado (6.2.0-3+deb12u1) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2024-52804.patch: Fix CVE-2024-52804 (closes: #1088112). - The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. * d/patches/CVE-2023-28370-1.patch, d/patches/CVE-2023-28370-2.patch: Fix CVE-2023-28370 (closes: #1036875). - Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. Checksums-Sha1: fa628eddf84e72d0875c3b9987b9a5ec6924e6dc 9395 python-tornado_6.2.0-3+deb12u1_armel-buildd.buildinfo 268838f012d020418aba8a455e54c2ac257cc3a4 4536 python3-tornado-dbgsym_6.2.0-3+deb12u1_armel.deb 90cf87d1b3d9a4bf528a275d15f55030d7d7e53b 337992 python3-tornado_6.2.0-3+deb12u1_armel.deb Checksums-Sha256: 7e3f598631f083badf26db68583fa97948f999f1c4cca1b04ce246c3db0cca7d 9395 python-tornado_6.2.0-3+deb12u1_armel-buildd.buildinfo 013dcf3e4c91eb048db999ef514a50473810eae944ea7d64da637a6e84bd2f0b 4536 python3-tornado-dbgsym_6.2.0-3+deb12u1_armel.deb 9d5fd408004cf50c051253d0d7e0b7c1dd3b2b4abc8aa444e203a40c1563b968 337992 python3-tornado_6.2.0-3+deb12u1_armel.deb Files: 41a090fb2f86eaf52d5cad6372b85b1c 9395 web optional python-tornado_6.2.0-3+deb12u1_armel-buildd.buildinfo 20d48c40e233868d4cf368537d44d786 4536 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u1_armel.deb f7212b46737386a696118cc34c401c96 337992 web optional python3-tornado_6.2.0-3+deb12u1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVM4SKBZumztS8zr3lST9Us03ywsFAmd4M5IACgkQlST9Us03 ywtj8w//QE9BNCk9JqEv2BM3Rt221fNMgQGenjNks6EJ6TVhDVENFuEg1eKT0rz/ D0HJl40wvr6ytz06ttYVIbG7ALCPJHB6dz52d66qN/1dNOo0/vmTGHfaAXpo1RLx fUPvtVuAwHwi3ZeDN3knQLamZ8GhBoUeAWqG2CJ7k0KiXgfdyFICQIlIQGgAIfxg 2vWcNP9JoWvZO0pT7AgsCLUQAYlzcqcSyEtvqCTgI4kOYpdJgnQfSrTsYrsYzv09 w58HLoNWk8BlRNGEqk4Mmf65viUHfsglusUByDxet5DP2vsar8IdPKNXJpuZehhr TO0q2nFBvd8JcXhndecWt+tDYhaewblGJnTEy4yCgZv/4INXT1NqsHo0z3wLX7RG lDU8bYrQN4/se41jcSNUM+8deiNZVqjoNtG5fEqWON2QgFt94c3+RebSPiPUBVon LvW86OPh1BAwV1fpT2euzSALW2ou76TPjKtkTFUt6XDOi2/hHjR1k4i0OYvj8IEa JIqQt9C5ULAjJhdltIWMEmNS4GuKZytUpbLAODKk4vwD9t1bHvNr/3s+AnhsYTgt VtC1NerZqATGfCysKzVh4vk2OkCcgsuLYpMUMAd/sdoWz+VevD6ZI+JBiG4eFYIx 9wG+gnsQrBH24J/enN1rcmKv6MJHUpRQQMjfX56KDmhfjbKlIhY= =BX/q -----END PGP SIGNATURE-----