-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 03 Jun 2025 13:27:39 +0200
Source: python-tornado
Binary: python3-tornado python3-tornado-dbgsym
Architecture: s390x
Version: 6.2.0-3+deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: s390x Build Daemon (zani) <buildd_s390x-zani@buildd.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Description:
 python3-tornado - scalable, non-blocking web server and tools - Python 3 package
Closes: 1105886
Changes:
 python-tornado (6.2.0-3+deb12u2) bookworm-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2025-47287.patch: Add patch to fix CVE-2025-47287.
     - When Tornado's 'multipart/form-data' parser encounters certain errors,
       it logs a warning but continues trying to parse the remainder of the
       data. This allows remote attackers to generate an extremely high volume
       of logs, constituting a DoS attack. This DoS is compounded by the fact
       that the logging subsystem is synchronous (closes: #1105886).
Checksums-Sha1:
 432537beedfe6386e5617962651a7541d5ff4924 9592 python-tornado_6.2.0-3+deb12u2_s390x-buildd.buildinfo
 2fb161be1d35010b7a0fb4427b337c2dd787195c 4376 python3-tornado-dbgsym_6.2.0-3+deb12u2_s390x.deb
 acfbe82a936b48a8826f95441b574137fcbfeb8c 338416 python3-tornado_6.2.0-3+deb12u2_s390x.deb
Checksums-Sha256:
 693d4906b02ff7c91769e3317c7b268b00efdb9b6ee11a53f28919ff04ca6962 9592 python-tornado_6.2.0-3+deb12u2_s390x-buildd.buildinfo
 44618f15596eb6d62ba25a67d37af9dd89e1011be450c16b6d0a04f7629db817 4376 python3-tornado-dbgsym_6.2.0-3+deb12u2_s390x.deb
 4bfaf777999c539c73d8b99517adf08500147bef29ffcb0bb709d60da8167c7c 338416 python3-tornado_6.2.0-3+deb12u2_s390x.deb
Files:
 029fc9959a14f26c18775253f80d2104 9592 web optional python-tornado_6.2.0-3+deb12u2_s390x-buildd.buildinfo
 4a746f4c0d6d2f1c08371dbb5eaaa0d6 4376 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u2_s390x.deb
 05970b16283e597b2680d550ec51c434 338416 web optional python3-tornado_6.2.0-3+deb12u2_s390x.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZTC4/c20pi1/n7UBUhVQ83ojQ7QFAmhAvLMACgkQUhVQ83oj
Q7TX5xAAzlmXAEmOfQTW851atWU0epv0SWE0ywLwUgsmC7WvQMI+J5mLfYvqUEb/
Cusvc2fIZUeNDzUIynH32UjJMqwGlbXWK/efVa7YRGQwxVcBCoAaVCkyaqO8Eif3
u0BrwowQYP3PIXZzSy3xfIKrmUKhZVOkcbiuVlGlPlTYor57WOYnP82W60b6U7Qi
3GBiiIkzm8Bja69CUoJmKwyEWIXejTzVs8g9Mbfc00qfTtnrPRglCp3My+ezpEv/
Itol8sQqrOLGg/Gib6FyvuB+/j78jk5KhXot/fklAhGDc/qHd+xAB5BRcgsQzPn6
QatQZe3YWZs/zKZiEik4VeObP2q10AirNdzYkCHIHKSFX624JF4FhZ6XLCziWALp
QJae4/qjmNFAmtDqjxRMnRCo36RmAAa5WHh5geHPDlN6R/EkZAGvjNNXdKrJp3D0
++QKLRt+AH6s+Uded/o9bU06C+3jMGpisJ8t2usHnOyAicZDaVbvvgVKOeRFEv/U
xEBOBDo1As3p7txPizh/gskSYfA5VpDnbGv0Gu9HuDhItQoMX5hLamFJvtkv9FDe
fodi0L93LL3KQTQDyaa7QotSwBPUTxlUjPOTD4VO6QtMJbkFtArc/FaED3dq1dbT
lK6OJHbqgW9XcCWOwgIog+jqFYHB5YbGV0V93upXnaS7jidZoxQ=
=8iP2
-----END PGP SIGNATURE-----