Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted python-tornado 6.4.2-1 (source) into unstable
Date: Fri, 29 Nov 2024 13:34:31 +0000
Signed by: Colin Watson <cjwatson@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 29 Nov 2024 13:09:50 +0000
Source: python-tornado
Architecture: source
Version: 6.4.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 1088112
Changes:
 python-tornado (6.4.2-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release:
     - CVE-2024-52804: Parsing of the cookie header is now much more
       efficient.  The older algorithm sometimes had quadratic performance
       which allowed for a denial-of-service attack in which the server would
       spend excessive CPU time parsing cookies and block the event loop
       (closes: #1088112).
Checksums-Sha1:
 66524e7bbb59ba2bf10ccd5f60b122f983fde40a 2561 python-tornado_6.4.2-1.dsc
 94ec7bc896d8b62364abcfc2a906165d80e1baa6 533897 python-tornado_6.4.2.orig.tar.gz
 d659b53cd62ad8c7d984240c1288e8757191b73d 10256 python-tornado_6.4.2-1.debian.tar.xz
Checksums-Sha256:
 5c865b4facece26025a96f9233087bd16bfae709bd2e878d6f258812800bc3bc 2561 python-tornado_6.4.2-1.dsc
 a45eec6f5fc01ed78b01a9dafceb81bf0d0440309bd478a9daadfa7c87bdd893 533897 python-tornado_6.4.2.orig.tar.gz
 f84da84704d13c2076090ce0e3f8b0e366d432330d0df6abc883d620e739d653 10256 python-tornado_6.4.2-1.debian.tar.xz
Files:
 5502a9e01d65d5d0f97d2296c9ad020a 2561 web optional python-tornado_6.4.2-1.dsc
 721215aa1ab1253e79b17fd67b83a46e 533897 web optional python-tornado_6.4.2.orig.tar.gz
 0f533e1cd6381b6a93e330211d312389 10256 web optional python-tornado_6.4.2-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmdJvWUACgkQOTWH2X2G
UAvBeQ/7BLrUfPp504qzjXuz/n7Nej3+FDXUZuHfDiKDmAOb8bqn9v4i1GVUkoHR
2T4xp9ZRBokteZ3DEXBO4zpBM1mnDAw2F1wvofU19YVKBkzArSALnCf4bVUAu5uf
FnucaR3bzNzSpgJA8wD+ttwaMkUqJgZgghQmg8gXeYn27sK25VHWcULq7xCL0PG+
8mmZVJueIgmogGGmecTbXZEZVvxF36hJgwIYrYCskxxsfolMceaza8/pe3o5l/ki
PQXPFrkn7mF4OuNPyR4X2E1xUpoWDcLgkoflgng1RKbpsOCcfbVxxynBHdvy/Xug
B06/zKTGejBl03tBmyrEbhdZYPECnumpu+8NchXeCn24d1q1qHm4snfTQlxaeF4D
FENrbyUGM30zg9OrGj3FwY4DujC91LPsrMeCyixmYa9Fctq5pg0py21W3/7fmuaK
bT6xzDFIURzadSVvQLpt4+ibMeqA815rgsMSMNwQDUoe+EaGt1lkLhRxHPGwA7z6
TDONRvZQ7h2RhY3Vf9e/B7X1LIiNMGQYZiJEIp920gCtgNB5L/qDRdw97SIf9M9C
3726kV3pRY9ixqfihBEIiyWQ1zR6kxxV5gmKnwTF63yZ3CnqQLjBmBAIsf//OZJn
coipl3miILZDGF3Bh2sZQkS5W6BFIbd/jWqW+ZalmGudLK8Z2cI=
=qMX7
-----END PGP SIGNATURE-----

News for package python-tornado