
Accepted python-tornado 6.1.0-1+deb11u1 (source) into oldstable-security



Format: 1.8
Date: Tue, 31 Dec 2024 02:14:38 +0100
Source: python-tornado
Architecture: source
Version: 6.1.0-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Closes: 1036875 1088112
Changes:
 python-tornado (6.1.0-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2024-52804.patch: Fix CVE-2024-52804 (closes: #1088112).
     - The algorithm used for parsing HTTP cookies in Tornado versions prior to
       6.4.2 sometimes has quadratic complexity, leading to excessive CPU
       consumption when parsing maliciously-crafted cookie headers. This
       parsing occurs in the event loop thread and may block the processing of
       other requests.
   * d/patches/CVE-2023-28370-1.patch,
     d/patches/CVE-2023-28370-2.patch: Fix CVE-2023-28370 (closes: #1036875).
     - Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows
       a remote unauthenticated attacker to redirect a user to an arbitrary web
       site and conduct a phishing attack by having a user access a specially
       crafted URL.
