-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 31 Dec 2024 01:53:59 +0100 Source: python-tornado Binary: python3-tornado python3-tornado-dbgsym Architecture: mips64el Version: 6.2.0-3+deb12u1 Distribution: bookworm Urgency: medium Maintainer: mipsel Build Daemon (mipsel-osuosl-05) Changed-By: Daniel Leidert Description: python3-tornado - scalable, non-blocking web server and tools - Python 3 package Closes: 1036875 1088112 Changes: python-tornado (6.2.0-3+deb12u1) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2024-52804.patch: Fix CVE-2024-52804 (closes: #1088112). - The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. * d/patches/CVE-2023-28370-1.patch, d/patches/CVE-2023-28370-2.patch: Fix CVE-2023-28370 (closes: #1036875). - Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. Checksums-Sha1: c11f0835be235d7f63ec550288c42889a641a95b 9398 python-tornado_6.2.0-3+deb12u1_mips64el-buildd.buildinfo 1f494c618b3a91d319a9ffead8ce632e5ae77a7b 4732 python3-tornado-dbgsym_6.2.0-3+deb12u1_mips64el.deb f6bfc069db0278df7b5a2c78c6a56a6121980985 338504 python3-tornado_6.2.0-3+deb12u1_mips64el.deb Checksums-Sha256: c34603104a1917d20bd83ba556cae44d16ab474cc92ab9061fb6a9643c4267aa 9398 python-tornado_6.2.0-3+deb12u1_mips64el-buildd.buildinfo 811043758a6c6b5d88daa5215cc3808c378632437f08fe1b25ce11ec9715f7d9 4732 python3-tornado-dbgsym_6.2.0-3+deb12u1_mips64el.deb ac868d6e86b4423ca74347d9e7db2160fb5b3ffbfad40a1060d5f2baccfbfa0f 338504 python3-tornado_6.2.0-3+deb12u1_mips64el.deb Files: ba495746e0415ea39acc79789987e971 9398 web optional python-tornado_6.2.0-3+deb12u1_mips64el-buildd.buildinfo 31c15c8764292f8fd338c3c13f7f7531 4732 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u1_mips64el.deb 0790fe876a1a0b516a737cb1a89baa7a 338504 web optional python3-tornado_6.2.0-3+deb12u1_mips64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEuQAPGkYIXAAfq7z1C2Vm2FYVKKAFAmd4eqkACgkQC2Vm2FYV KKAdgA/9F+Id6PwI64bPq0cCS59AuNr9Es/eqegC4+FKvtxEA4mnXO6NSqm879aR zMqga7+AU90AmWcBwVnM+HmCw9ror1wVne8AXnRghPe1wFGVkHQZtokeAn8qi5gz 1TfjYjgcmxZYue88D8vG5J+nKaY8Nh4v3jI14508ObceDvjpOOkHz8inNEZv1K/H UhkID6Wziz9PZpUkmMAIelj8r4qccsVIcO0ysy7YqqQDDf6KJ5gPm5QgCf8Kc0od TjnkBiJD8THBl3o+Nvwk0xOj4M7PzN43MAOcfm/A4TtVu8h+zrnfyvDMnAzL1eY/ 6Z1m5zqArANxmIohrFjvc1E6xIZDITXLZqOtMIGvOwIrEzpFPGfpiFLFGvWMCltS M9miEl3tvKEe9k0PLL8ZdOtID+G3Tl8umcwMS1eL44645Fj6B2XhKW8XZJpPUTRN HYPa0llSZyz4rmaa8nacGdIFcczPSKNMeRC5p61kblP51/voG0+0UP1WUIquA1b+ zl+v+sBc37sKiTSpdpB5OvG5PXF3O/z2WcJVKToInY2N8en0CuZr7Lncb0Qv5nP8 CIfcasreRGYr2CT4G57t2EKOy+7WZ79UcZ9xVRWs3Tt7JftPHT+jjv4wV6ZhaiOs otInxkknfrZEzWfpOs04eNWJWu5BqSQphL9+guV/BzaFZBvXUp8= =Czxw -----END PGP SIGNATURE-----