Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted python-tornado 6.1.0-1+deb11u3 (source) into oldoldstable-security
Date: Sat, 31 Jan 2026 23:10:22 +0000
Signed by: Daniel Leidert <dleidert@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 31 Jan 2026 02:34:07 +0100
Source: python-tornado
Architecture: source
Version: 6.1.0-1+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Closes: 1122660 1122661 1122663
Changes:
 python-tornado (6.1.0-1+deb11u3) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2025-67726.patch: Add patch to fix CVE-2025-67726.
     - Fix an inefficient algorithm when parsing parameters for HTTP header
       values, potentially causing a DoS (closes: #1122663).
   * d/patches/CVE-2025-67725.patch: Add patch to fix CVE-2025-67725.
     - Fix possible DoS due to quadratic performance of repeated header
       lines (closes: #1122661).
   * d/patches/CVE-2025-67724.patch: Add patch to fix CVE-2025-67724.
     - Fix multiple vulnerabilities caused by custom reason phrases being
       used unescaped in HTTP headers (closes: #1122660).
Checksums-Sha1:
 93485dc797982da774569da5665efc532fcd6a2f 2559 python-tornado_6.1.0-1+deb11u3.dsc
 c23c617c7a0205e465bebad5b8cdf289ae8402a2 513910 python-tornado_6.1.0.orig.tar.gz
 c6caf3dbf40f48bcd5a31036a5fbc8ad8b081b5a 19220 python-tornado_6.1.0-1+deb11u3.debian.tar.xz
 905ba5baa9a517f49c93ccd79c733a3b09474cb0 10271 python-tornado_6.1.0-1+deb11u3_amd64.buildinfo
Checksums-Sha256:
 ec256148a23ce30dec47fa59816140585fd7cb5a8ebcd9e819fc6bb01d62d433 2559 python-tornado_6.1.0-1+deb11u3.dsc
 53a4300b786998c516fcacb76a00db6200829bf1d9b8d57e3c150bfd262e2bc8 513910 python-tornado_6.1.0.orig.tar.gz
 960115f1f349bba7a73a843310832faa406f1343eaf42e9290a48023c2382308 19220 python-tornado_6.1.0-1+deb11u3.debian.tar.xz
 e71e9d05348d936780beb91123ecd5c116d879debba94168481b95be3a9ac2bd 10271 python-tornado_6.1.0-1+deb11u3_amd64.buildinfo
Files:
 bb7e9072ed032dbbfb8b06511f0fd72b 2559 web optional python-tornado_6.1.0-1+deb11u3.dsc
 2d94363f8a3dcf14dd77a796e19b0386 513910 web optional python-tornado_6.1.0.orig.tar.gz
 21318b06a23e9cf450bf83366e898712 19220 web optional python-tornado_6.1.0-1+deb11u3.debian.tar.xz
 0791d827fc3ea827d1b92325f617242a 10271 web optional python-tornado_6.1.0-1+deb11u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAml+iJQACgkQS80FZ8KW
0F0d0Q/6Ao2RVD8wsVu1CqRhjSJFwLN8otLeobhwoCxJEtP6SbYThuEztSF0d7Nj
/huO1nFg4HZCLrRW2A1fdSIvLEmvabGhOeEMC6AjP7QwiTwlelPe/iVTIpN298Et
dh7r6l3MHwxq4Bw2uUS2eq5OyXPhUrRTGgUXIiaYtymRVsFSnYKx0PUvrwSlGxPL
W+ii9cidEmxFUkXnaeZPHSYDoDUhTOHk04ZmT9JpnFEbZNy7BBT4tGprjnwBlSm/
xxdA3YQ+pB92HeZHEMuty2+iGyEZn2cTc3qgJvHCci3+32upH6sPdRgJ++y74ygP
0QnUN6jvbZbgFkNAgvVffedgoe5tkPnP4aTXNfMAWFWUIvIa3IC9iVDPwDJfQZpv
oRA7aeWgC9g9l40c0Us+mIGCdoA3684sMH8Z4Ke5oFlm/rUJS+Or0z1rA6VmLrWi
wnd0QKN88BxTSv/ljZs+snkvzzlV1alcfD3DMdHDnZdzGVg9r39x27xMaKSR0YrL
Gzvi0+vQin57qlZMsiTnMAZ1bHq3jUa26zX6wPffDHTH0q5OktDqknRLsT97Gn6S
3DxJhj+KUmh5DtBlz0vLDNdNGhw1cQXkJN8V8ta8hx3/GeytLz/choo9QeqvndXN
PQ48xSDRQ4v1+jWOEamZazzj+StkisSu8kj/QQ1EMBxUyIzBwNc=
=bUkT
-----END PGP SIGNATURE-----

News for package python-tornado