-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 31 Dec 2024 01:53:59 +0100 Source: python-tornado Binary: python-tornado-doc Architecture: all Version: 6.2.0-3+deb12u1 Distribution: bookworm Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) Changed-By: Daniel Leidert Description: python-tornado-doc - scalable, non-blocking web server and tools - documentation Closes: 1036875 1088112 Changes: python-tornado (6.2.0-3+deb12u1) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2024-52804.patch: Fix CVE-2024-52804 (closes: #1088112). - The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. * d/patches/CVE-2023-28370-1.patch, d/patches/CVE-2023-28370-2.patch: Fix CVE-2023-28370 (closes: #1036875). - Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. Checksums-Sha1: 4f186d9c7da3b352be7f577e9a9ca3c64451449c 608164 python-tornado-doc_6.2.0-3+deb12u1_all.deb b9e6d782fb4e23e76d1ba5ea383ca8100ec92c60 9199 python-tornado_6.2.0-3+deb12u1_all-buildd.buildinfo Checksums-Sha256: c26f64092d16354b7d5b4f1f78fb135f8b7eacf46a75597c4cb20b8fc5e434df 608164 python-tornado-doc_6.2.0-3+deb12u1_all.deb 21135648d20a05be3fbbde075a14d6adfd4a4dff0de824cfcfe4ea5b52b77565 9199 python-tornado_6.2.0-3+deb12u1_all-buildd.buildinfo Files: 598ac5260052201813ea1ee382914b44 608164 doc optional python-tornado-doc_6.2.0-3+deb12u1_all.deb 947518572f12643eaef797aa3fc2afcc 9199 web optional python-tornado_6.2.0-3+deb12u1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEe8x49oT2k+seQstpgDm7h4zfCpIFAmd4MPoACgkQgDm7h4zf CpJI6g/8DetMFi1+cOm7w/fHOjoFeE6K4RTHi2jWsA3WuE0RRnZRjTCGaivh7UZQ dzYWcyQu/V7vymiCtg4ruzBwLYVu63nfzEUgVpc+sAanwTVezwDUtVgw69VSctaE /Ha5xpdrfs1v72950AYxOQ/aKruQqc3MOwy+lR0YDBM+55qSeie1mjOEh5A0xamy d4XmVmO9NmMWobRKhe/CZKkqTcGkCpAMqYWqoqhuKbHccisIepgDYnChC52hgNg7 epijyKFqFzUjr3C7nzUxh+4X5r++vBTUhKcKAnGAqNUAa4mutxYuG/KcvqqyNhO3 UtboFJ8SKtCjRlu+egWcRg0wwqzyKXd1USpw0e1Ufk+UXiu2m0KzgpcSFdpd5b6O DaxkTOzKsaXMjPAvYO8xIMf8NJ+Pn6y+OI6qh9rT+QwdamNmSr3hm7zCgii7zjyg 6haOMQOw7aR5RgCR09WlnZyz8gpzPcmaQLb4/7RdAQTQbRMYWM33wmIKsZZM2tgj EzuWQOEdZT3jDHit/SA7Yl//H6yvfD8t7EpLR0P+k9tcEiwP2xkefx+F85/FQweg J6tNUE+rk/VTRGINEfFvk3sDoKyLRWaLPQ9fnWs6tUnApZSA6BbGkak5rGt0mpHI FXbrwmOzBFIjfy+dsvfR4/97+LNnVoZO4XfrQDR2l7t/j5W3EI4= =nI0l -----END PGP SIGNATURE-----