[SECURITY] [DSA 5938-1] python-tornado security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5938-1] python-tornado security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 6 Jun 2025 18:27:32 +0000
Message-id: <[🔎] aEMzFHds1mbM8UjL@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5938-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 06, 2025                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-tornado
CVE ID         : CVE-2025-47287

It was discovered that the Tornado Python web framework performed
excessive logging when parsing some multipart/form-data requests, which
could result in denial of service.

For the stable distribution (bookworm), this problem has been fixed in
version 6.2.0-3+deb12u2.

We recommend that you upgrade your python-tornado packages.

For the detailed security status of python-tornado please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-tornado

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmhDMO4ACgkQEMKTtsN8
TjZ0Cg//aSk0M3jSJykvcEQke4RgFs6Mr/j0UBpbHTuE3wSvngwBpADSPPJ+L9mE
XQmedGVjN1fz66Pzhws2LsIrZzDjPItzk4JelO6/+txJMs6MADgFigKn125Xb8ob
sgiHXa1Y9rW6ZUBIBfEtZMGO3yvA/w7HVFD7UsqPGGpH8Px3YKt7rhE8yamFdLzf
lX5Iq5siWbeaH/AoxtLutufSdxlRpdDM23+9nDaq8aiuEH+qVaGWVLEZzldDtbcS
loAMc9qOb01MRNCBkgQCGydjR7W8gotL48pCB22sJE7vsUYi6DU2VMMldQrd3MRv
T5ACFJXEnHRCsmpdknKbisppyyLk/aekJpUosysqD3jG4XpjtkWpSxusZHrCVc0V
bUhkQ170B2HRfQVyEWxms8ELeUaxaIMOsVKJUFPrHgXsoLRcTha7SF+Jbvb2XYqx
/lY/bu9rxQlgjJCXiE+rPFSk9PNwH2wymTFGi32w6mvVizRxsSvuIuBV6eUi8HXr
jAPOZRw2XMCgTD589xJc7R4jHax8tP3C4JZKYQJutXNNvIdxGjLrUa6BPtGkpe6j
wJ9kKhjILw6VG+C/Sa/+7wfqyZuTRF0NjoKhVYHr3Z8OMftON41UvpJGL4FxdQh3
8c8bH1jPZP3RXGHB7ULT2+d3KRh+OvK5XkU/rwrzT2uXcrBAnwU=
=2cLN
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5937-1] webkit2gtk security update
Next by Date: [SECURITY] [DSA 5939-1] gimp security update
Previous by thread: [SECURITY] [DSA 5937-1] webkit2gtk security update
Next by thread: [SECURITY] [DSA 5939-1] gimp security update
Index(es):
- Date
- Thread