-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 31 Dec 2024 01:53:59 +0100
Source: python-tornado
Architecture: source
Version: 6.2.0-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Closes: 1036875 1088112
Changes:
python-tornado (6.2.0-3+deb12u1) bookworm; urgency=medium
.
* Non-maintainer upload by the Debian LTS team.
* d/patches/CVE-2024-52804.patch: Fix CVE-2024-52804 (closes: #1088112).
- The algorithm used for parsing HTTP cookies in Tornado versions prior to
6.4.2 sometimes has quadratic complexity, leading to excessive CPU
consumption when parsing maliciously-crafted cookie headers. This
parsing occurs in the event loop thread and may block the processing of
other requests.
* d/patches/CVE-2023-28370-1.patch,
d/patches/CVE-2023-28370-2.patch: Fix CVE-2023-28370 (closes: #1036875).
- Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows
a remote unauthenticated attacker to redirect a user to an arbitrary web
site and conduct a phishing attack by having user access a specially
crafted URL.
Checksums-Sha1:
77ae5d4e8ea69091922a6cf30fdc6fe4d5cd737b 2559 python-tornado_6.2.0-3+deb12u1.dsc
9e809453db3a3347b7c0e7837a189833247e0828 519040 python-tornado_6.2.0.orig.tar.gz
60653b35f3876d9dadf77867442f0f18e1fc8b72 13296 python-tornado_6.2.0-3+deb12u1.debian.tar.xz
197c525eefbc74acf993baff2d8adf02a2e5b6c8 10207 python-tornado_6.2.0-3+deb12u1_amd64.buildinfo
Checksums-Sha256:
faee6c282c636f4cd728e0c242b5d50c5d5d088613f7aa1ca031f82d958993c4 2559 python-tornado_6.2.0-3+deb12u1.dsc
c2e902e4771eb90b057c7629fa239a59ecae63052919c3b5e61253f2c8a5f0d6 519040 python-tornado_6.2.0.orig.tar.gz
82cc9941610a507355a9a7cf9bd5634aa3dd45e33096cd804a666fd5fe26dcbe 13296 python-tornado_6.2.0-3+deb12u1.debian.tar.xz
ec473a5d0772ccfde5b0e13ae720d0b26b9eb9f485eedcf4f54d575941d9b8fa 10207 python-tornado_6.2.0-3+deb12u1_amd64.buildinfo
Files:
2357e5dd8756e3f826a189600db3ba93 2559 web optional python-tornado_6.2.0-3+deb12u1.dsc
ac5546f18d57171df7f711aefbd518c6 519040 web optional python-tornado_6.2.0.orig.tar.gz
2ffb6bb5f078e1ed663631a534a4d9b4 13296 web optional python-tornado_6.2.0-3+deb12u1.debian.tar.xz
a8a5dbcd20719d2779d10ec6d096aab2 10207 web optional python-tornado_6.2.0-3+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmd3MIEACgkQS80FZ8KW
0F0DEg/9E69ZEvuy2gjRTEQ+N9xe9WO01yFxGVK5QZmaCHRzJpcMrxZPKER6fXp4
3bTL4vS/q0SLHGt3aRJs54MFPGjD03TRMUrE4d+VkGcjQrCAznfW0gdf/Qt/ranp
+za7rlnSy+0phhseW60RLvVT/J0KqNEnQIFAIAjczgmffpjiq0J6DDiiBxqncFyV
4UGnD8So4rdCHFroZo+2lQsnCYQUrmUf1q67DQHH25kVPgBP7qEZ0YSBbCuigFkq
kjWOfBBENvlotmiep/49JnqrUkqEGP1sgfje/K/QcYgOMOm4o2HYGOfK9wFlDhVL
AK8L+nmkUcSZ2pu6UMHzY5mBKJCQOKtQuZ5dWVeydOwUFzSMl4JWmOCTlXqg2R11
poHza/LsFPx06vZFlEgyv3HJyYQgk6fLVPenSeeC5qj6CwV3WOPk9qqmdEIVv67u
rA44gYTW2iM+YzNstb5sETSlPp3dih0LFJhfVcC8YCRjsep/hc7uKF5EBnyWsC2R
xjhTJBUi/1bb31j3J0tAs519iT6tAFZpIhSAZnQk6/sMNHHIUG1kAckDr4KM7vsn
T6wSPXhSsBd6EK6TsIgq+YEBQG684IQNWa8ZiNOmDG1kM4HSduzesg32SwyGmJHf
A6CcVGt37O7SihZA0YsJDeDh7Fibo8f3l158cYlsfvTiyk+C0zI=
=5Bq+
-----END PGP SIGNATURE-----
Attachment:
pgplKyoJjRiJv.pgp
Description: PGP signature