Format: 1.8
Date: Thu, 29 May 2025 04:49:07 +0200
Source: python-tornado
Architecture: source
Version: 6.1.0-1+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Closes: 1105886
Changes:
 python-tornado (6.1.0-1+deb11u2) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2025-47287.patch: Add patch to fix CVE-2025-47287.
     - When Tornado's 'multipart/form-data' parser encounters certain errors,
       it logs a warning but continues trying to parse the remainder of the
       data. This allows remote attackers to generate an extremely high volume
       of logs, constituting a DoS attack. This DoS is compounded by the fact
       that the logging subsystem is synchronous (closes: #1105886).
Files:
 2559 web optional python-tornado_6.1.0-1+deb11u2.dsc
 513910 web optional python-tornado_6.1.0.orig.tar.gz
 15128 web optional python-tornado_6.1.0-1+deb11u2.debian.tar.xz
 10406 web optional python-tornado_6.1.0-1+deb11u2_amd64.buildinfo
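
Added example, not part of the upload notice and neither Tornado's code nor the Debian patch: a simplified multipart parser showing why log-and-continue makes log volume scale with the number of malformed parts, next to a fail-fast variant that caps it at one record per request. The parser, logger name and sample body are constructed for illustration, and fail-fast is assumed here as one way to bound the logging, since the notice does not show the patch contents.

```python
import logging

class ListHandler(logging.Handler):
    """Keeps records in memory so the example can count them."""
    def __init__(self):
        super().__init__()
        self.records = []
    def emit(self, record):
        self.records.append(record)

log = logging.getLogger("multipart_demo")  # hypothetical logger name
log.setLevel(logging.WARNING)
log.propagate = False
handler = ListHandler()
log.addHandler(handler)

class MultipartError(ValueError):
    """Raised by the fail-fast variant on the first malformed part."""

def parse(body, boundary, fail_fast):
    """Simplified multipart/form-data parser: a model, not Tornado's code."""
    def problem(msg):
        if fail_fast:
            raise MultipartError(msg)  # stop: at most one error per request
        log.warning(msg)               # log and continue: one record per bad part
    end = b"--" + boundary + b"--\r\n"
    if body.endswith(end):
        body = body[:-len(end)]
    fields = {}
    for part in body.split(b"--" + boundary + b"\r\n")[1:]:
        head, sep, value = part.partition(b"\r\n\r\n")
        if not sep:
            problem("multipart/form-data part missing headers")
            continue
        if b"name=" not in head:
            problem("multipart/form-data part missing name")
            continue
        name = head.split(b"name=", 1)[1].strip(b'"').decode()
        fields[name] = value[:-2] if value.endswith(b"\r\n") else value
    return fields

def records_logged(body, fail_fast):
    """Number of log records a single request body produces."""
    handler.records.clear()
    try:
        parse(body, b"B", fail_fast)
    except MultipartError as exc:
        log.warning("rejected multipart body: %s", exc)
    return len(handler.records)

# Constructed sample: one valid field followed by five malformed parts.
GOOD = b'--B\r\nContent-Disposition: form-data; name="a"\r\n\r\n1\r\n'
SAMPLE = GOOD + b"--B\r\nno-blank-line-after-headers\r\n" * 5 + b"--B--\r\n"
```

With the constructed sample, the log-and-continue path emits one record per malformed part, while the fail-fast path emits a single record for the whole request.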