-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 31 Dec 2024 01:53:59 +0100 Source: python-tornado Binary: python3-tornado python3-tornado-dbgsym Architecture: mipsel Version: 6.2.0-3+deb12u1 Distribution: bookworm Urgency: medium Maintainer: mipsel Build Daemon (mipsel-osuosl-05) Changed-By: Daniel Leidert Description: python3-tornado - scalable, non-blocking web server and tools - Python 3 package Closes: 1036875 1088112 Changes: python-tornado (6.2.0-3+deb12u1) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2024-52804.patch: Fix CVE-2024-52804 (closes: #1088112). - The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. * d/patches/CVE-2023-28370-1.patch, d/patches/CVE-2023-28370-2.patch: Fix CVE-2023-28370 (closes: #1036875). - Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. Checksums-Sha1: 1a1a8ebd3ac0bf172a41b76fa190ab4744ecb437 9351 python-tornado_6.2.0-3+deb12u1_mipsel-buildd.buildinfo 992f1b9c4d193b4f36b0df6951583f5f8cd0b4e0 4532 python3-tornado-dbgsym_6.2.0-3+deb12u1_mipsel.deb 0e760fe1bfcfec3f6e5b55ccdcc69102f54fc58d 338308 python3-tornado_6.2.0-3+deb12u1_mipsel.deb Checksums-Sha256: 7c037e46874169bfa88d33923b81508e2d1945eec5aca1ad2af904ebcfc1e833 9351 python-tornado_6.2.0-3+deb12u1_mipsel-buildd.buildinfo 562bc5f3fc499f474f97bde5bd501cb5dab8c8c59669401b3ddca3e9f796e889 4532 python3-tornado-dbgsym_6.2.0-3+deb12u1_mipsel.deb b78df2d766480e63aa1fb48b42676654a403de60f62a16e790c36c30cab69570 338308 python3-tornado_6.2.0-3+deb12u1_mipsel.deb Files: 3ee155d828a6e6ace31789aa8742c4bd 9351 web optional python-tornado_6.2.0-3+deb12u1_mipsel-buildd.buildinfo 70a0782e199e50f5be3c062ca1f99cf2 4532 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u1_mipsel.deb 22aa17bb38e5d9a0c08b5a09e0eca385 338308 web optional python3-tornado_6.2.0-3+deb12u1_mipsel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEuQAPGkYIXAAfq7z1C2Vm2FYVKKAFAmd4TY8ACgkQC2Vm2FYV KKCnwBAApikUlqpnu2ME4s1iv4OmdhvYXgVYfFf9eApFADi8tDO3BGejbblJiZB0 du8enslembdeAoLhKuhSNWo07XlTez9mM64QdjfknmeKzAYdj5Z+XERpNmh9EGV6 kVsfZoLJ76vdjhmVGgL5PExRmXcSNEU6ChbfemL1eW8RJahFPY2Esd4BHieEvhRR ht3p4LWpYBoFuIibvG18LNpzQ+DpWEzIolvGS3Fxp9TIe1zI+eYspzn+RB36BxDT QPG29DjUuT5mDYsYI5WObnATCn5xU08F2xoo/t0t8AHbLQsFWCXfZGjRGWFnVfmw ylIvTUodk072L9u8qqF6jeURVVb8v8wfKe/jbVMJoG6+7rXqy3/Xh89fwabMkUx8 O+/Adrkp+U/McfkcYdFls1vhs7xlDJUERb4Ya4upJV5dF6y4g52ot9tMBKw3I/4C lNDBEKg7sjproekG70JprjKq9VDKWqj4q6rOnKBXOIjTBmonwiYn0uQacFQiJsdW KzGrNfQbEPUB5j4RJXiYxuXtSbQWVbbG1jLqETXySbvajFTlE2sLkIhvFDSvDaBX TPu9sASeJXvnM8cI1VeXLC6gvBoeRCheKG+kxd/EfA6IQYvrd7JxSH1rtg0qppb2 VcXSR2hCfDRQpDEtbnkVuV2jby3F1xx5Y0Wz/aZNI/OBV9M0rBQ= =zunL -----END PGP SIGNATURE-----