-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 03 Jun 2025 13:27:39 +0200
Source: python-tornado
Binary: python3-tornado python3-tornado-dbgsym
Architecture: i386
Version: 6.2.0-3+deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: i386 Build Daemon (x86-grnet-01) <buildd_amd64-x86-grnet-01@buildd.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Description:
 python3-tornado - scalable, non-blocking web server and tools - Python 3 package
Closes: 1105886
Changes:
 python-tornado (6.2.0-3+deb12u2) bookworm-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2025-47287.patch: Add patch to fix CVE-2025-47287.
     - When Tornado's 'multipart/form-data' parser encounters certain errors,
       it logs a warning but continues trying to parse the remainder of the
       data. This allows remote attackers to generate an extremely high volume
       of logs, constituting a DoS attack. This DoS is compounded by the fact
       that the logging subsystem is synchronous (closes: #1105886).
Checksums-Sha1:
 d96f99ab1c2fd8f892ccd6f1722aa5c09fc32c11 9645 python-tornado_6.2.0-3+deb12u2_i386-buildd.buildinfo
 7afca6d0f19ba290edeb057c6826daa6ec50b4fb 4220 python3-tornado-dbgsym_6.2.0-3+deb12u2_i386.deb
 b79a04a5f8e75f92d75ecc2ce1708f91737f45f3 338560 python3-tornado_6.2.0-3+deb12u2_i386.deb
Checksums-Sha256:
 99cdb4b7c976ab025300356a4695747dd5723370525f955220e9be169fe1a40b 9645 python-tornado_6.2.0-3+deb12u2_i386-buildd.buildinfo
 6ec374c1f13d56a0ef4e1fd9719c4d76d43381687dda8e7c159c4ff9f8c7b0cf 4220 python3-tornado-dbgsym_6.2.0-3+deb12u2_i386.deb
 64e2d82fc01bb1f9a71a0455bf07bf2f47d993c6d6194209a6aa99b2933532e1 338560 python3-tornado_6.2.0-3+deb12u2_i386.deb
Files:
 149a2cfbbe5c5335b805f3d6d27866ff 9645 web optional python-tornado_6.2.0-3+deb12u2_i386-buildd.buildinfo
 f819972d22325cfc1f90e7d0d5f34bea 4220 debug optional python3-tornado-dbgsym_6.2.0-3+deb12u2_i386.deb
 43336d5a77d143ed026ddf7855d1d0ad 338560 web optional python3-tornado_6.2.0-3+deb12u2_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEv2qEY4xQXyY/2dWIvGw9w6VrLCcFAmhAvOAACgkQvGw9w6Vr
LCeT2g/9GQ/+caKXXs+GUFrXl3kSZ6aF/+l2JsJRyBog4p4PVZBZdfBgFGjN07X4
rMHQfHNnaF0fwfv7kJN1DZnScsRg+wX2i7XwiTrWaRXfCS9QmG7fyp2M8/NfSBKK
7svoeJlL9XUOW56jN5k1foEaQOY+4h64dkzAhLKA9R2xEO6nu/deNbShtw4AUBW2
CfQKa0Ox0Dz+NcB7MwHsZuZ4vYX/cun6+gjnQZjl2CTC8PN/4E1UD2POOHaov6M+
I8YYNcfeoRUPMqdEHDSzo9Nu0jrYtsTuLeTm/zUWvzr8vNiMpNwCIssqfNmaF/EH
MP7FWdkGZG4iq3FyqvBnhSrSbZWtSME0+kMhrROIgum4glMWNzW92nr7utXzvYDg
HxlaLBcov6y6nanQP5DtIX9vYFe4mm+fp4ithbSOHaeX6VP4MBthVdKjn6Gafzfh
KKXCH8L8z/iDLgP85zZlgdCRdqAkvyjoJLXOt32LE8vSH2Hw2mUsQUiQxpepyt8o
CYDC//lwmLVhwFhfiHmQxcC6ume4cppQBJuA0pcw0NZP9A+1kY6cnLh5FIeYZPA7
3gdgo9cPnuEjhC6zcqc5O3GEIsbkCJAWZwyEmtkH6yEG1epLn/kDBifylRSj9x5N
WXS0r4AqZXEHjW+hrAQK6wPY2nrhFSdftC6Dgg5eFM0bh0vSey0=
=MbKO
-----END PGP SIGNATURE-----