[SECURITY] [DSA 5938-1] python-tornado security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5938-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 06, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : python-tornado
CVE ID : CVE-2025-47287
It was discovered that the Tornado Python web framework performed
excessive logging when parsing some multipart/form-data requests, which
could result in denial of service.
For the stable distribution (bookworm), this problem has been fixed in
version 6.2.0-3+deb12u2.
We recommend that you upgrade your python-tornado packages.
For the detailed security status of python-tornado please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-tornado
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmhDMO4ACgkQEMKTtsN8
TjZ0Cg//aSk0M3jSJykvcEQke4RgFs6Mr/j0UBpbHTuE3wSvngwBpADSPPJ+L9mE
XQmedGVjN1fz66Pzhws2LsIrZzDjPItzk4JelO6/+txJMs6MADgFigKn125Xb8ob
sgiHXa1Y9rW6ZUBIBfEtZMGO3yvA/w7HVFD7UsqPGGpH8Px3YKt7rhE8yamFdLzf
lX5Iq5siWbeaH/AoxtLutufSdxlRpdDM23+9nDaq8aiuEH+qVaGWVLEZzldDtbcS
loAMc9qOb01MRNCBkgQCGydjR7W8gotL48pCB22sJE7vsUYi6DU2VMMldQrd3MRv
T5ACFJXEnHRCsmpdknKbisppyyLk/aekJpUosysqD3jG4XpjtkWpSxusZHrCVc0V
bUhkQ170B2HRfQVyEWxms8ELeUaxaIMOsVKJUFPrHgXsoLRcTha7SF+Jbvb2XYqx
/lY/bu9rxQlgjJCXiE+rPFSk9PNwH2wymTFGi32w6mvVizRxsSvuIuBV6eUi8HXr
jAPOZRw2XMCgTD589xJc7R4jHax8tP3C4JZKYQJutXNNvIdxGjLrUa6BPtGkpe6j
wJ9kKhjILw6VG+C/Sa/+7wfqyZuTRF0NjoKhVYHr3Z8OMftON41UvpJGL4FxdQh3
8c8bH1jPZP3RXGHB7ULT2+d3KRh+OvK5XkU/rwrzT2uXcrBAnwU=
=2cLN
-----END PGP SIGNATURE-----
Reply to: