-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 31 Dec 2024 01:53:59 +0100 Source: python-tornado Binary: python3-tornado python3-tornado-dbgsym Architecture: arm64 Version: 6.2.0-3+deb12u1 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-ubc-02) Changed-By: Daniel Leidert Description: python3-tornado - scalable, non-blocking web server and tools - Python 3 package Closes: 1036875 1088112 Changes: python-tornado (6.2.0-3+deb12u1) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2024-52804.patch: Fix CVE-2024-52804 (closes: #1088112). - The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. * d/patches/CVE-2023-28370-1.patch, d/patches/CVE-2023-28370-2.patch: Fix CVE-2023-28370 (closes: #1036875). - Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. Checksums-Sha1: cdc42aa416f5b276985c400087ea14e0be896327 9521 python-tornado_6.2.0-3+deb12u1_arm64-buildd.buildinfo 5385bcd8bd709e8e76a1152dba6c309656f367f7 4552 python3-tornado-dbgsym_6.2.0-3+deb12u1_arm64.deb 14b78821d7092cd190ad992effccf59035bb9ee0 338428 python3-tornado_6.2.0-3+deb12u1_arm64.deb Checksums-Sha256: 4bdc0b10f50eb26bcaccbb21ab928753d189e85ed43a7b63c9a41c67fee3b4aa 9521 python-tornado_6.2.0-3+deb12u1_arm64-buildd.buildinfo 0aaa7039bd88f49a92078314a7e207f0ea32c315b408d0861401147079623657 4552 python3-tornado-dbgsym_6.2.0-3+deb12u1_arm64.deb bbdca2dd0c07e468d259248dda93b56d2113533520f82a5d1edcbde003fa4d81 338428 python3-tornado_6.2.0-3+deb12u1_arm64.deb Files: 317c9238466c2532cf21e2ede9bf82dd 9521 web optional python-tornado_6.2.0-3+deb12u1_arm64-buildd.buildinfo f10971dc4d3ffd6c9a58ec3fa1b79cf5 4552 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u1_arm64.deb 29d635e3c0ab674f65a7c0c596299242 338428 web optional python3-tornado_6.2.0-3+deb12u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE9C4sZYDxwNo9XoUDaRWK3AIe28EFAmd4MVkACgkQaRWK3AIe 28E4mBAAkUQkUNc8ZZPYi8y9q2VewMyDR+TXTPo2WE9ISvMiQ16EvDdqil2jMVmn zl4d9t56DgR8fD80hJBmfoji0LbLg3var6hlrCevZbzAv7zG7PgYlpqRGQN0t3Ba yGHrT7caY8lDM51d1mqm69hOs3PGJvPVtSVPFiU5SiptHdulZIGBgiW1WHWK0G4B +P2yppW1MUosYQlFcWYWmKJ1KDkAjVyI2l8HuuIzSadtbg5tFwUtJwVAsQT78RLW RKKUc3uaKZ8itQuX6muR9xgjvrfJyH9onAvhXH7prH9GAx7F3guYCeF0gAWgtRbF 6v8G2enJfdCkg9+ZbhbbOamG1/bupsR6vJ2ebATRpNpU2OWgnZaWrszSBg0wCw81 /p62UeNffRys8kNZwF7snMQuKB1XpdPmQGHOs0FOITSV426ZCIeGs+FZe1+orHJQ ZrLDppOSJM1yu6pUsdhi3KqdnLJtgyeRp2I9t9RG5jBP5eoy/eptiUmlmFsEPxJg 9LB+I0JbVVORurkECEPqiT2Q51twdVyDjQsvkkGp1DM2gLlGRot8UHjCvrRWcHyX SmKnaCdswUlqzHhSuZfPlThRPEZfNjHNQB/N8DKkavJCE5+VlzUcr39WAeLpeVnY lK1afsTt/8GNBYZrkIJwGD5F6mpu8welE8P6kmKDPfa3aM7lOUA= =VmId -----END PGP SIGNATURE-----