-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Jun 2025 13:27:39 +0200 Source: python-tornado Binary: python3-tornado python3-tornado-dbgsym Architecture: s390x Version: 6.2.0-3+deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: s390x Build Daemon (zani) Changed-By: Daniel Leidert Description: python3-tornado - scalable, non-blocking web server and tools - Python 3 package Closes: 1105886 Changes: python-tornado (6.2.0-3+deb12u2) bookworm-security; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2025-47287.patch: Add patch to fix CVE-2025-47287. - When Tornado's 'multipart/form-data' parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous (closes: #1105886). Checksums-Sha1: 432537beedfe6386e5617962651a7541d5ff4924 9592 python-tornado_6.2.0-3+deb12u2_s390x-buildd.buildinfo 2fb161be1d35010b7a0fb4427b337c2dd787195c 4376 python3-tornado-dbgsym_6.2.0-3+deb12u2_s390x.deb acfbe82a936b48a8826f95441b574137fcbfeb8c 338416 python3-tornado_6.2.0-3+deb12u2_s390x.deb Checksums-Sha256: 693d4906b02ff7c91769e3317c7b268b00efdb9b6ee11a53f28919ff04ca6962 9592 python-tornado_6.2.0-3+deb12u2_s390x-buildd.buildinfo 44618f15596eb6d62ba25a67d37af9dd89e1011be450c16b6d0a04f7629db817 4376 python3-tornado-dbgsym_6.2.0-3+deb12u2_s390x.deb 4bfaf777999c539c73d8b99517adf08500147bef29ffcb0bb709d60da8167c7c 338416 python3-tornado_6.2.0-3+deb12u2_s390x.deb Files: 029fc9959a14f26c18775253f80d2104 9592 web optional python-tornado_6.2.0-3+deb12u2_s390x-buildd.buildinfo 4a746f4c0d6d2f1c08371dbb5eaaa0d6 4376 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u2_s390x.deb 05970b16283e597b2680d550ec51c434 338416 web optional python3-tornado_6.2.0-3+deb12u2_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZTC4/c20pi1/n7UBUhVQ83ojQ7QFAmhAvLMACgkQUhVQ83oj Q7TX5xAAzlmXAEmOfQTW851atWU0epv0SWE0ywLwUgsmC7WvQMI+J5mLfYvqUEb/ Cusvc2fIZUeNDzUIynH32UjJMqwGlbXWK/efVa7YRGQwxVcBCoAaVCkyaqO8Eif3 u0BrwowQYP3PIXZzSy3xfIKrmUKhZVOkcbiuVlGlPlTYor57WOYnP82W60b6U7Qi 3GBiiIkzm8Bja69CUoJmKwyEWIXejTzVs8g9Mbfc00qfTtnrPRglCp3My+ezpEv/ Itol8sQqrOLGg/Gib6FyvuB+/j78jk5KhXot/fklAhGDc/qHd+xAB5BRcgsQzPn6 QatQZe3YWZs/zKZiEik4VeObP2q10AirNdzYkCHIHKSFX624JF4FhZ6XLCziWALp QJae4/qjmNFAmtDqjxRMnRCo36RmAAa5WHh5geHPDlN6R/EkZAGvjNNXdKrJp3D0 ++QKLRt+AH6s+Uded/o9bU06C+3jMGpisJ8t2usHnOyAicZDaVbvvgVKOeRFEv/U xEBOBDo1As3p7txPizh/gskSYfA5VpDnbGv0Gu9HuDhItQoMX5hLamFJvtkv9FDe fodi0L93LL3KQTQDyaa7QotSwBPUTxlUjPOTD4VO6QtMJbkFtArc/FaED3dq1dbT lK6OJHbqgW9XcCWOwgIog+jqFYHB5YbGV0V93upXnaS7jidZoxQ= =8iP2 -----END PGP SIGNATURE-----