-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 01 Feb 2026 00:08:44 +0100 Source: python-tornado Architecture: source Version: 6.2.0-3+deb12u3 Distribution: bookworm-security Urgency: medium Maintainer: Debian Python Team <team+python@tracker.debian.org> Changed-By: Daniel Leidert <dleidert@debian.org> Closes: 1122660 1122661 1122663 Changes: python-tornado (6.2.0-3+deb12u3) bookworm-security; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2025-67726.patch: Add patch to fix CVE-2025-67726. - Fix an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS (closes: #1122663). * d/patches/CVE-2025-67725.patch: Add patch to fix CVE-2025-67725. - Fix possible DoS due to quadratic performance of repeated header lines (closes: #1122661). * d/patches/CVE-2025-67724.patch: Add patch to fix CVE-2025-67724. - Fix multiple vulnerabilities caused by custom reason phrases being used unescaped in HTTP headers (closes: #1122660). Checksums-Sha1: e385362caeeedea1a01aadb63748d86f9428f872 2559 python-tornado_6.2.0-3+deb12u3.dsc 9e809453db3a3347b7c0e7837a189833247e0828 519040 python-tornado_6.2.0.orig.tar.gz d424784029297be3e1c351f39a6da0e11c764a6c 19728 python-tornado_6.2.0-3+deb12u3.debian.tar.xz 18131478882c2903a22aa12d8c82147033435ade 10390 python-tornado_6.2.0-3+deb12u3_amd64.buildinfo Checksums-Sha256: 6071a6ac1dd1213b821b474de9b2d1a91f4af7cd19756127ff87549011ecf1be 2559 python-tornado_6.2.0-3+deb12u3.dsc c2e902e4771eb90b057c7629fa239a59ecae63052919c3b5e61253f2c8a5f0d6 519040 python-tornado_6.2.0.orig.tar.gz 2aefe9a2a6f85a3ea835bb42d1b0723b83d51b6d1dd89a1606dbd056dfd664a9 19728 python-tornado_6.2.0-3+deb12u3.debian.tar.xz 8b9353692ad7de66c97b7fda590bde8e0fbffbe6a465ea7f30b088f659e944f4 10390 python-tornado_6.2.0-3+deb12u3_amd64.buildinfo Files: 0edf4f4447920313775ec37a34587722 2559 web optional python-tornado_6.2.0-3+deb12u3.dsc ac5546f18d57171df7f711aefbd518c6 519040 web optional python-tornado_6.2.0.orig.tar.gz 9a459bebd10248668773f1b474cda9e3 19728 web optional python-tornado_6.2.0-3+deb12u3.debian.tar.xz 2a5c4c6ede0335ad96e1966e0eefcd05 10390 web optional python-tornado_6.2.0-3+deb12u3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmmiJ5AACgkQS80FZ8KW 0F0HORAAlvYdDywzYATQatyAV9uQbh7KBhCnoPSHGFFoYmbvQQl9JEdiRKfJJV+2 XjbbgwO8Qws4lx8zhxqb/9hWYJr3nar7WgRLPPUZF38Ewid4iBLP6CymjS/AzCiV nWCTPjEvoPWTmGRhZIEOabde1KL7V85kev4Zoqi156E51TW3Z0KsEKpiG7p/NP8n LVsXd1ul5n6R1LXcBOWO+79Srs7WWBN5Gv5bi/bxKGmBfbOACbzUsiq7OebkdnA1 GIVladtFJbiQnSMqA/GeiLwkJw9hSSG3XQA013hAs651vXLQJ4uooao3U+GS2Kxn VYPtdXin8vAE3H6nzx1XdPNsrMWQOBQ3QpTQNzwFeK4yibQmiBCfPB2eFD3vvMKd pDgEaxzfRUGTPP3sHHTSKL+WuxgmrWw5tJA4YyB5d7iFrq08siSM5h3CQDJt2Dgy B/jaXNfvjbO8LVGVLVsRe9lcZZ/ik8Z1iTwj4/dQ0q+acfOw5Af58ERj7FkLyJG6 PaXu1izq87ABZ/H92uXszu8ztpKqMJf1CHuvpyRd/QtzO6uTboxfJlJ25k0OV3gg ++0dKtWPHHv54vKLNilbhtyWGSeB0o29hK2gBUtpJGyDO4NRphAmKmBpcJBe3TQ1 YJK2XIuSFm1+du8ggQKDr4dvRU2/wphQRmpczJmwctZ/FoAJYEQ= =+5cA -----END PGP SIGNATURE-----
