-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 31 Dec 2024 01:53:59 +0100 Source: python-tornado Binary: python3-tornado python3-tornado-dbgsym Architecture: ppc64el Version: 6.2.0-3+deb12u1 Distribution: bookworm Urgency: medium Maintainer: ppc64el Build Daemon (ppc64el-conova-02) Changed-By: Daniel Leidert Description: python3-tornado - scalable, non-blocking web server and tools - Python 3 package Closes: 1036875 1088112 Changes: python-tornado (6.2.0-3+deb12u1) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2024-52804.patch: Fix CVE-2024-52804 (closes: #1088112). - The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. * d/patches/CVE-2023-28370-1.patch, d/patches/CVE-2023-28370-2.patch: Fix CVE-2023-28370 (closes: #1036875). - Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. Checksums-Sha1: 566069ad60289e7d4d4beed00d8607b965ff83cd 9518 python-tornado_6.2.0-3+deb12u1_ppc64el-buildd.buildinfo ef59868013677e1c6878c1c0b78fd5af1adce698 4560 python3-tornado-dbgsym_6.2.0-3+deb12u1_ppc64el.deb 0b6764024f3b6d9bdc39718880e9c416dd57b4c9 338492 python3-tornado_6.2.0-3+deb12u1_ppc64el.deb Checksums-Sha256: e8506968b45c22412361b3cee2d70ce2deba841c79b1942f2bc7485ae9c919d8 9518 python-tornado_6.2.0-3+deb12u1_ppc64el-buildd.buildinfo ffc4979ad2c67097d0eb436e710907798e369ece6fa2ea5330b186c72c33b967 4560 python3-tornado-dbgsym_6.2.0-3+deb12u1_ppc64el.deb 210841170ffad4ebc316739bd5d12a4609f297f33cc36e602ce61de6e8835e7b 338492 python3-tornado_6.2.0-3+deb12u1_ppc64el.deb Files: dcba0758c1f39d2aac94c6a4f8e4826b 9518 web optional python-tornado_6.2.0-3+deb12u1_ppc64el-buildd.buildinfo 104cd495dd2336e035515836b24120b5 4560 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u1_ppc64el.deb 92ddca28347045e5b0194581c28d9de9 338492 web optional python3-tornado_6.2.0-3+deb12u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZAv/jpGRqS40qyb11oy1TpxF0ZAFAmd4MEIACgkQ1oy1TpxF 0ZAg9g//fsA5qPMAMwpvRYU7AgPu7KkKdAAs8hmY/5VDbw+dkfjizipaaZ4UBc9K 8tt5LQggUDvaW9FeB4E9VsZx6U8xCx6b9Dl6mc+WSm67lKbJF/erXhxlnxl3zdhp lVJW5ctq4x71KFe6G9CfqYR5XJ/+AJ2UnZwL0t5kpkEoXePQ+eg5zukmQSCB1ijp 9cOYm7tesSM/fIhd7ifNsA+bE+rY7S+vR5YXkJuW7jKSMED+X3zTEtX7mGAKF4pE 9Z7lbBleEYh+WI4GMU3sGcoWfmTp7IAXIuuEsmqvEqPUEpWHWzVlLch2y3GGAgk2 +LfYnfIagodRRI5jpGk07/RQvRnW9aQiAEQEHbPYDmiIW9No/hT+MR+oUgKU+jON m7uaxW9Tu5DmpwYJq6jHbFZfWMfCSnC/C/jLhn+bBGeRlWSMSmt74vxpz6kSAqcn TyE6LKzc9L6AX4ZH4zU01Rk37RNtsHaZ55zNHmPlL4bpq1gVXHl7gFIsJrO9gn8+ k8mRby7VpzLMxSTeKZEQKAijeZvXepKuDhQB2Pl26a8n0KN4qhYogKFIuvRuKOXY Rot+f27duJ/+ao97swG6c3/Ka6COLeAwjNZZEURLJYAbuT2HFRCtabOZnncqhjmT W+xLYiR/70nzauYnYTNnl7C3g3ZYVYYPuuy+IIdVGz+LQ9oA8o4= =Rr0u -----END PGP SIGNATURE-----