-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 01 Feb 2026 00:34:03 +0100 Source: python-tornado Architecture: source Version: 6.4.2-3+deb13u1 Distribution: trixie-security Urgency: medium Maintainer: Debian Python Team <team+python@tracker.debian.org> Changed-By: Daniel Leidert <dleidert@debian.org> Closes: 1122660 1122661 1122663 Changes: python-tornado (6.4.2-3+deb13u1) trixie-security; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2025-67726.patch: Add patch to fix CVE-2025-67726. - Fix an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS (closes: #1122663). * d/patches/CVE-2025-67725.patch: Add patch to fix CVE-2025-67725. - Fix possible DoS due to quadratic performance of repeated header lines (closes: #1122661). * d/patches/CVE-2025-67724.patch: Add patch to fix CVE-2025-67724. - Fix multiple vulnerabilities caused by custom reason phrases being used unescaped in HTTP headers (closes: #1122660). Checksums-Sha1: ec472683d44dc41ed72c676dddb74c417d2eea6f 2473 python-tornado_6.4.2-3+deb13u1.dsc 94ec7bc896d8b62364abcfc2a906165d80e1baa6 533897 python-tornado_6.4.2.orig.tar.gz a2446d5fba5373a5710efed7585fa76c4babaded 17440 python-tornado_6.4.2-3+deb13u1.debian.tar.xz 7fcda91e23791fb5e962d375b27d0ecc42720f2d 10231 python-tornado_6.4.2-3+deb13u1_amd64.buildinfo Checksums-Sha256: cc44766b1dbf762ce45f7b9cfb57fcbf28236da836c0c157b0b5b9992b262031 2473 python-tornado_6.4.2-3+deb13u1.dsc a45eec6f5fc01ed78b01a9dafceb81bf0d0440309bd478a9daadfa7c87bdd893 533897 python-tornado_6.4.2.orig.tar.gz 97cb52b9d7dd64f1df69f6e7e2f220ebf0389be70fe37e797dff211f81e5efd7 17440 python-tornado_6.4.2-3+deb13u1.debian.tar.xz e1536966e280503b502ade237f32051ae346ba2c9c76d52a7ecf166f65103902 10231 python-tornado_6.4.2-3+deb13u1_amd64.buildinfo Files: 50abbbfc0b83a57f22af087f0be40a43 2473 web optional python-tornado_6.4.2-3+deb13u1.dsc 721215aa1ab1253e79b17fd67b83a46e 533897 web optional python-tornado_6.4.2.orig.tar.gz 37fb1dee7f0f213b216dd162444e2282 17440 web optional python-tornado_6.4.2-3+deb13u1.debian.tar.xz 7b1b4414f14a445c90c90f9c64d90d11 10231 web optional python-tornado_6.4.2-3+deb13u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmmiKYYACgkQS80FZ8KW 0F2kGQ//byv8HDsh6vl446v+8BjnicLKa+5k+EopRRWLVwKaFdaCeor/d0yFNsjU VJixkO2DZGinvrH74VkoobwarYY5kjYzmIb3tfo+2WnESb9CKu6wHvFd896BQyZX DOEDuUS25aXOeOiGCoDL9D1/1/rDBQRs2ExxO60Q/yMZAf0/Jk33nkiFCqE6h8xu Ea1RYZ6xOtXoSD1B7dyp2rxds1H0+8CVKohY6dK00tbnenCYcONQoj5Mt3eA20jz RweXt2lm/Q/anx5wb0X686hmJNL7Aqyah6Bekuh/s3oaukqUfE5VcJffcgzZP+rO r3XFxYCXkGSPrVSaKXtGq6GSQoHiy/aw+LwflH+++LV13OrOueGG3LydjkFtSbWL BnHijDdB2ECN+QGeg8tTydE4lP4xkn8qT5YtaqvjYQtRsCjEidyLDcsh50ZKKuAT qhuOB+jtg4Z2+DEnooe8Z2MngseV/ngr7IlThkNXTki9XdFozgHj9Ab2EsF3RBzg y43Qq/rSbRVHUl57CE6Ol680sLJzr+sWznoaEq1I02cJr9gLSb7F9lUrhzia1XIJ qjEw/Z1gAS8kcocazKTSiV9wQeoZDpS9bjxvFvt1wzddLRHvp/dUn0y6uLOq1m1m 9XPlb9HqlumQOckhfxJ5sNi4vtBz0MU0K606+bf0vwsW4b9L9Ug= =AQKK -----END PGP SIGNATURE-----
