-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 31 Dec 2024 01:53:59 +0100 Source: python-tornado Binary: python3-tornado python3-tornado-dbgsym Architecture: armhf Version: 6.2.0-3+deb12u1 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-conova-03) Changed-By: Daniel Leidert Description: python3-tornado - scalable, non-blocking web server and tools - Python 3 package Closes: 1036875 1088112 Changes: python-tornado (6.2.0-3+deb12u1) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2024-52804.patch: Fix CVE-2024-52804 (closes: #1088112). - The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. * d/patches/CVE-2023-28370-1.patch, d/patches/CVE-2023-28370-2.patch: Fix CVE-2023-28370 (closes: #1036875). - Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. Checksums-Sha1: 3b59ae4ccff4e2d918903a5270250cf593212f76 9397 python-tornado_6.2.0-3+deb12u1_armhf-buildd.buildinfo d76191fe36cb828aed80526ad4cd1c8bfecc28b7 4568 python3-tornado-dbgsym_6.2.0-3+deb12u1_armhf.deb 89b7912d8660455f3352b3dff3770b7b5bcd8ae2 337944 python3-tornado_6.2.0-3+deb12u1_armhf.deb Checksums-Sha256: 4464a606bdbff388bd2addc55dd7a81ad83449c84261ecee3e152464e3d0c10c 9397 python-tornado_6.2.0-3+deb12u1_armhf-buildd.buildinfo 3dd898911168342e28769c213abf7af3279e9a670e7ad74f7d66367d4081df56 4568 python3-tornado-dbgsym_6.2.0-3+deb12u1_armhf.deb 7decfbf6529b7985adb204181664bd64882b4d8a25895103b7ce113cec2d0e74 337944 python3-tornado_6.2.0-3+deb12u1_armhf.deb Files: d9578d8457b73e36bf33f33f057a7515 9397 web optional python-tornado_6.2.0-3+deb12u1_armhf-buildd.buildinfo 38e85f702946b396ad8fc21c8ea548a6 4568 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u1_armhf.deb efd70b388e9238b850631303e2cde134 337944 web optional python3-tornado_6.2.0-3+deb12u1_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVM4SKBZumztS8zr3lST9Us03ywsFAmd4MksACgkQlST9Us03 ywv/sA//ZjKO4faR/8z43SGf7Lu40pSpyjQysS2XhiS201d2akzJLB0XFiIY2nDG DFOJrh4SUgnuguINo01Zy8gYEnXJH8oXFLR/HfqvtfCuWqVvt9uV/W2V1npJLOcI +PRTN/o43wsv/s7F1OInOH4rxR8iHlB3f4qlyFwNlGpaX2XWOZr3xE/vbJ3m7giE dpyXU7rAmxT3CkDoIJImiB/kpOOUd1XonucINN+czuP53dKXbX5b04Hd03NBhKxq uvTVj+FY8s3fxd8L9p/ftPuPzEGk21Dm7R8+OPxWPzRVw8aHRIiJ3+4qdTsspJZi z4jPzmsGHDLTvpsgJc4o9Lpm0n7ghwXroSL31ef5XNHoODQ7gg5o9pKYxXmzVY8m tL6RCK3x6YTuCad3zvhZo5Z4gfOXlnpHPf4ljaXfSpjei0qud4av4uCCzt1qLD3W VpjTcAJJD3C2BMV9I9Y0Qu7Ec5itEchi7rFojV1BMbeg3XGol3FM+cDB5Vinh6+/ tVj5+ox0/YyAamsUPtmEJoCt3LDwENZWm1crvkbrmH76LgTiorzmBDUxZtFA4qm+ BvXc/BiUGN4hEol4wL3z5ZbN47tZvGW76jRZsFthFfLf/XdxBLgV5zO1KjhFVbfd 6xta/rTVmk9m3E7jPO74cqf4yd0hqxCUM3vEA3aJCPYGW/f6n60= =To0+ -----END PGP SIGNATURE-----