-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 31 Dec 2024 01:53:59 +0100
Source: python-tornado
Binary: python3-tornado python3-tornado-dbgsym
Architecture: i386
Version: 6.2.0-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) <buildd_amd64-x86-ubc-02@buildd.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Description:
 python3-tornado - scalable, non-blocking web server and tools - Python 3 package
Closes: 1036875 1088112
Changes:
 python-tornado (6.2.0-3+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2024-52804.patch: Fix CVE-2024-52804 (closes: #1088112).
     - The algorithm used for parsing HTTP cookies in Tornado versions prior to
       6.4.2 sometimes has quadratic complexity, leading to excessive CPU
       consumption when parsing maliciously-crafted cookie headers. This
       parsing occurs in the event loop thread and may block the processing of
       other requests.
   * d/patches/CVE-2023-28370-1.patch,
     d/patches/CVE-2023-28370-2.patch: Fix CVE-2023-28370 (closes: #1036875).
     - Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows
       a remote unauthenticated attacker to redirect a user to an arbitrary web
       site and conduct a phishing attack by having user access a specially
       crafted URL.
Checksums-Sha1:
 4b829d24fdcf28724179bc905c237277a545192c 9462 python-tornado_6.2.0-3+deb12u1_i386-buildd.buildinfo
 d3a4e54eac73bf001cf0bce8896b69960be4f90b 4204 python3-tornado-dbgsym_6.2.0-3+deb12u1_i386.deb
 1c449af5d3bbad7280fcfe2ec758b464d20d5fdb 338236 python3-tornado_6.2.0-3+deb12u1_i386.deb
Checksums-Sha256:
 35f91ad1d9227d4d7efc4693d9245decd68a3a9e53f39dd0f5297f281f7a52d7 9462 python-tornado_6.2.0-3+deb12u1_i386-buildd.buildinfo
 1ffba233be8eb16c0e5d358d0a541025424be6e2c166de32de8cbb104cc0e01c 4204 python3-tornado-dbgsym_6.2.0-3+deb12u1_i386.deb
 f8c4b73109da30ca7ca104add66ea6f1450682c046350747ff9b5f427bb9b292 338236 python3-tornado_6.2.0-3+deb12u1_i386.deb
Files:
 26dd06a67aa4677be078b8218650e1e4 9462 web optional python-tornado_6.2.0-3+deb12u1_i386-buildd.buildinfo
 37a4fd4fd2c9ee500fec535e692007bd 4204 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u1_i386.deb
 4588badb4123a293c0f1b9616144bb88 338236 web optional python3-tornado_6.2.0-3+deb12u1_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEGBeuno8wiDXCewDuqqLQG5ksqMMFAmd4MFEACgkQqqLQG5ks
qMPbGA//ZJqwce6l0Q2w0BSXpUvlrD6YOTmj3+kBT5/yjWC30+Me/MdV1iqsSZtx
3am1Rrc7Rzq0AKdvaa1MUfL/2YbIkTc+6hzgLu4HSwgKThdaO8YE/W+KReWHSFXc
rCokF128u1Y2qAYdOdaQycOnk7tZ1Vx9cqXyiSJ6guu74KsRFqezWfFzV+AIegsV
CpBIl/zjaULyI1kwuL726qu/hMOmeTl35Y/tqUOWxd+jQyVmseED6hQDXm44SXTY
dXNWoOnNn+n+odbrsl/521mR91t3wCseq6bAUURK68UoIAyho44GKmSC3q/8SDAj
fooJI6SjfVilZz3d0VM46I0J1lmyITFfHeUGMbQZwIXGJ06+qcI1spRIjA720DTx
AlAohrXx22IqcxbVWlmaw3YGcsdC1tZZYYj9U8XxwWiuJJR425LG+KJ18k7gAcdc
HAcWx8NzBCRpqrbkjaa6VmncVR6mOa79kKnwvUj2IX3Z5LB71N+qoBv8t516xwqD
yoh9xTl6y4i3/abqyPTixjCBz3Um6g2hKZnhfohZnh4RERAbf44oAqNBkZE3Wz9U
O5RYVkxOWPKkgVIUFBitKhtTCfzNGzYIzTgRBXlpTxoAbfgWSpvJgo5VUMw9u4bR
geKkaGHU5SHgD+bbEKEz1RZFmmsg2/I2gupJr4vGJ67kCORq8VE=
=WmhS
-----END PGP SIGNATURE-----