-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Jun 2025 13:27:39 +0200 Source: python-tornado Binary: python3-tornado python3-tornado-dbgsym Architecture: mips64el Version: 6.2.0-3+deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: mipsel Build Daemon (mipsel-osuosl-03) Changed-By: Daniel Leidert Description: python3-tornado - scalable, non-blocking web server and tools - Python 3 package Closes: 1105886 Changes: python-tornado (6.2.0-3+deb12u2) bookworm-security; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2025-47287.patch: Add patch to fix CVE-2025-47287. - When Tornado's 'multipart/form-data' parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous (closes: #1105886). Checksums-Sha1: 4df0cdf00b87bac7d2b546b9473115e79c3bef92 9509 python-tornado_6.2.0-3+deb12u2_mips64el-buildd.buildinfo 8674a2129aa8dd0c952258bcbc7e3f097d1cea6c 4744 python3-tornado-dbgsym_6.2.0-3+deb12u2_mips64el.deb 1d922ac97c6472901a6d2c36f1f2ce5aca469281 338828 python3-tornado_6.2.0-3+deb12u2_mips64el.deb Checksums-Sha256: d0c54a590108cf2f8f05482c9d4909a8b091102465c37f8a8eb6903ba65ba9d1 9509 python-tornado_6.2.0-3+deb12u2_mips64el-buildd.buildinfo a114b913dd2197b6b22d854adbf7785dc6d4271afa5533caedc56939f4fa2c7b 4744 python3-tornado-dbgsym_6.2.0-3+deb12u2_mips64el.deb ee9c4ebeafaeb3e952a503b9e461dacd6e75a76697f4106441dfa5fc5e704df4 338828 python3-tornado_6.2.0-3+deb12u2_mips64el.deb Files: 3e93b6a57554b6c6320f1013b83dcb25 9509 web optional python-tornado_6.2.0-3+deb12u2_mips64el-buildd.buildinfo 2f6f5a48ad7f95a2b8baf9b082f9e340 4744 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u2_mips64el.deb c2ff5500448e8cceadc6c6b0001d0b08 338828 web optional python3-tornado_6.2.0-3+deb12u2_mips64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEesE3YcWKZXIkRPMemf85J+x5/aoFAmhAvZQACgkQmf85J+x5 /aoWyw/8CF93WBprpRKpSC1hoDhwLCgA9ko1R407xMpWSr+TOvC6AR3Y3xAwPFiE truT0HIRF5u/JyVTHZDeO1RUVSBmWhx9GaE2NwLLRZQewi6jICGwKI2w4v8muRfM V/6pPja6YiSLbIhxakHT39jut8Qjasdd9VIYkgXJl1se8rdU9HxqapBOoGxabnhq I+j7mqV3QS0tbPFw4DbcUe8zpnl+awvyLeIcPGoMZziv6FK1/lh+CcKU6d3ngjqT pO5nVH0mdc0s2oiBlZ0QJVZw6NktMH3gVfGGK2+e25iJcqonVhKTYsYgJXMxa+Jz nAJrbD1E8nUs0CSlBtKYLW3clN1MB+PR1t3TmT08hOcP1KUhYU5PNmdLE0DLox10 oJSI3gZqMPOEpw6MtxY6a5kctAwEdupx5oYwIg4aotvCKkuZ6PEzHqmqWuHDKD89 JK2w1qa/44NFYxtTBcKPvz2dpPx+a8IwqAjCIVCNSkX4nnbWnZWIcy+iz2L//5XF 2m9YpgyuWgc0H54phIt/owkhLr0TpWftPbL19e8WFZ2j3k1OcLzrdHQLjJiJR9rO wd34Ja7j5ozKQC/7A9GRfizq5Y68ehCImK4n4IIz3eikqLPzwN6xl9s+StCaxzmd 5jQMrmZuKF5KRLYwCyQ1v3MgsTthyp3lw1Ws5CO6/YBCJpsAPMA= =Bmb7 -----END PGP SIGNATURE-----