-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Jun 2025 13:27:39 +0200 Source: python-tornado Binary: python3-tornado python3-tornado-dbgsym Architecture: mipsel Version: 6.2.0-3+deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: mipsel Build Daemon (mipsel-osuosl-04) Changed-By: Daniel Leidert Description: python3-tornado - scalable, non-blocking web server and tools - Python 3 package Closes: 1105886 Changes: python-tornado (6.2.0-3+deb12u2) bookworm-security; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2025-47287.patch: Add patch to fix CVE-2025-47287. - When Tornado's 'multipart/form-data' parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous (closes: #1105886). Checksums-Sha1: 2507cd805a3a357d0c5ed1daf7cd637ac65bc576 9486 python-tornado_6.2.0-3+deb12u2_mipsel-buildd.buildinfo 0af761aafef16b3e4d299d31b5db33121e16ea3d 4540 python3-tornado-dbgsym_6.2.0-3+deb12u2_mipsel.deb a869f8e3d4435c5a3ad23fda13cd1477f3d574f3 338596 python3-tornado_6.2.0-3+deb12u2_mipsel.deb Checksums-Sha256: b2b8b18684f0bbef83ed37496107691ae5ed2db6db0e30e71242fceb5ebbfadd 9486 python-tornado_6.2.0-3+deb12u2_mipsel-buildd.buildinfo 316f54c80b16a991a50bac8a0aba3d4c4303151deb5969ecdc9c0f0922a6d0b5 4540 python3-tornado-dbgsym_6.2.0-3+deb12u2_mipsel.deb 7db10cf5c41f915d999521888c911d7fc86de3d6ced14c1d675280f58f770510 338596 python3-tornado_6.2.0-3+deb12u2_mipsel.deb Files: 60d4555cd4b09cee9d9aea88269d2a28 9486 web optional python-tornado_6.2.0-3+deb12u2_mipsel-buildd.buildinfo a1c6c58628e7804b877d62100bde3e27 4540 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u2_mipsel.deb 3dbf45a78d4e6453c5a0e7994b06d4cc 338596 web optional python3-tornado_6.2.0-3+deb12u2_mipsel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERbXMbY9VMQqnSaVEV4aVsMglzVcFAmhAvhUACgkQV4aVsMgl zVcz+Q/+PBcRXsDWHOT/IOf7l+XTFL3LlF9cOByGZoODYA/adb3Xu9l1Qj23GHbR nDgY3M+MnBvkwlSW6q8wGrwJZGXQa1LxDn8iFuDn6zqqNL8HK8sjLOsmjYDOyT5g wbRzNBufxgmoHL2qv2nLOdZpWgfbWUOilG0ghj29TEGbbutqNC1iYFODMwFgThIs TFBVeRS5mrDpHcP+vTmHkAyl3GrOdOo23Eq4fbubMIpWZOduOnUQW+JVyvvmJyPz gtcpckRi1pDkswucLKSgXynmCiVW9kdUlHHylvWwPYVwFChyTCJgMUuFUOC62HNK 39upNLrJ99LAuLLwYqzGcmS949YhG+WKSxxfW1tkI3ZES0KA7Eyg3GxUGxKSGq6u G4tz7bmuTTSuFM7gthtlqRW66zNil5jYdW9M0usIpF2kr88aFD8Cb52mlJFoQxkq rYl4U5/gJAXk2BlKN/IMesTQMYtecRRXpUKeKdNQytDEiPTiZMKrxvjvsr05EUuw ywUJr+PA6FgGBe1F2rdNqdDlhl4ah/5iPdhDRJGAp+kbiAXqJ7bzfd/S/xSmFubL XUagow7WWaiYEqHgwGT3QV0kmnaJo8dXTFsmjE7R36QUHuQGvsCiTjuPbsHHBvb4 k9CGvBHsbUY3KiVj6Fr+5n8vCT0dmqqRD2ahiBA/wZxoBrr8zGo= =Fc77 -----END PGP SIGNATURE-----