-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 31 Dec 2024 01:53:59 +0100 Source: python-tornado Binary: python3-tornado python3-tornado-dbgsym Architecture: s390x Version: 6.2.0-3+deb12u1 Distribution: bookworm Urgency: medium Maintainer: s390x Build Daemon (zandonai) Changed-By: Daniel Leidert Description: python3-tornado - scalable, non-blocking web server and tools - Python 3 package Closes: 1036875 1088112 Changes: python-tornado (6.2.0-3+deb12u1) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2024-52804.patch: Fix CVE-2024-52804 (closes: #1088112). - The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. * d/patches/CVE-2023-28370-1.patch, d/patches/CVE-2023-28370-2.patch: Fix CVE-2023-28370 (closes: #1036875). - Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. Checksums-Sha1: 19e55bdf2f5e78346831b100b9c2a2d2d18b243d 9417 python-tornado_6.2.0-3+deb12u1_s390x-buildd.buildinfo 7c95714375fa7522a359526ea51f1b784c2286db 4364 python3-tornado-dbgsym_6.2.0-3+deb12u1_s390x.deb 44704252b7bce37c95b46246ee3b35a86113d7dc 338156 python3-tornado_6.2.0-3+deb12u1_s390x.deb Checksums-Sha256: 6c74a78670870a95444b89bbfabd81bc354c8acf1afd0d2ea39be79b1136eb0c 9417 python-tornado_6.2.0-3+deb12u1_s390x-buildd.buildinfo 4aa6384c177b270bab1de7ab4f3ea908d750866a1fb0245cb5a41b0ced1aea0a 4364 python3-tornado-dbgsym_6.2.0-3+deb12u1_s390x.deb bec9b59ae4c2a45c6fc67893ca0070aa196c07a6d48b6a3b0e023e3ee8335e62 338156 python3-tornado_6.2.0-3+deb12u1_s390x.deb Files: a626f1c570ff325154a78c879870d919 9417 web optional python-tornado_6.2.0-3+deb12u1_s390x-buildd.buildinfo db21cf0b17320626f62a5658762e0111 4364 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u1_s390x.deb 203b2fb0b72b6556c8fb313e2c30719c 338156 web optional python3-tornado_6.2.0-3+deb12u1_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEu0D/YpnnSxv8epH9AKOyQzsWVasFAmd4SLMACgkQAKOyQzsW Vas2ixAArV9pbOd/9F2uVBsELEaI47u7JRP9XMKbrJgBh8vE4UpND9RnlpYbbcq1 E7hELoSrVvrxRitOmPM1uK+NtXkN01yHGBikgFtcDIkb77x6u64ProJ753NYWzUr BSKKJYTjNivW4f6C+7clCH4cUqU0gMbpQ4WhEYFG+3rwhOw/VWO0kmv3IpPK9Vzi Ew6cCkgNmQlaKLWReZNvBi8iQEhi6i96KULHBhfBsRphEjdgy4UFBsmY7NFxamJM StyUIeMdV+EUXtDKcCyyxHh1D0rHW5WWupIE7Daw2c0Ww0tsZAa6gHLsz8PyJyvm GYSzOQMM76F7JnsVlG09LjXCiZ9ebkr74D8H/BL6Nxc10Z1vRPXyKRmkrFJWorH8 OKIjoNekf5od3zZ+OloXej4e6rxrk9hiq0rgZCQmg2qOakLayR/QaH1cm3ID2MVv ZezSr2YhKdpwvbcyKs8+bmXiaThPRGhrIQ76HFu1YMRdnzFFz8CrjnSmrSHVeexM 3i//SLXxCM0dodzjk6NW7mE7BNjglzB4MDDJSCq1QP1olI1HrNnAMWiaDd9D13PU Nz/y+Y2dIUN6EEApiJABwYfwwS5KYH+WGGF14V2lGUuiX0WNt3mINrUhTUPT0Pxn h+h+VS00Nh/hHi0zLWNB/4MgdFOTdJxJQgWMzbgOYg+CFHCzV7M= =WAOP -----END PGP SIGNATURE-----