-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 31 Dec 2024 01:53:59 +0100
Source: python-tornado
Architecture: source
Version: 6.2.0-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Closes: 1036875 1088112
Changes:
 python-tornado (6.2.0-3+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2024-52804.patch: Fix CVE-2024-52804 (closes: #1088112).
     - The algorithm used for parsing HTTP cookies in Tornado versions prior to
       6.4.2 sometimes has quadratic complexity, leading to excessive CPU
       consumption when parsing maliciously-crafted cookie headers. This
       parsing occurs in the event loop thread and may block the processing of
       other requests.
   * d/patches/CVE-2023-28370-1.patch,
     d/patches/CVE-2023-28370-2.patch: Fix CVE-2023-28370 (closes: #1036875).
     - Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows
       a remote unauthenticated attacker to redirect a user to an arbitrary web
       site and conduct a phishing attack by having a user access a specially
       crafted URL.
Checksums-Sha1:
77ae5d4e8ea69091922a6cf30fdc6fe4d5cd737b 2559 python-tornado_6.2.0-3+deb12u1.dsc
9e809453db3a3347b7c0e7837a189833247e0828 519040 python-tornado_6.2.0.orig.tar.gz
60653b35f3876d9dadf77867442f0f18e1fc8b72 13296 python-tornado_6.2.0-3+deb12u1.debian.tar.xz
197c525eefbc74acf993baff2d8adf02a2e5b6c8 10207 python-tornado_6.2.0-3+deb12u1_amd64.buildinfo
Checksums-Sha256:
faee6c282c636f4cd728e0c242b5d50c5d5d088613f7aa1ca031f82d958993c4 2559 python-tornado_6.2.0-3+deb12u1.dsc
c2e902e4771eb90b057c7629fa239a59ecae63052919c3b5e61253f2c8a5f0d6 519040 python-tornado_6.2.0.orig.tar.gz
82cc9941610a507355a9a7cf9bd5634aa3dd45e33096cd804a666fd5fe26dcbe 13296 python-tornado_6.2.0-3+deb12u1.debian.tar.xz
ec473a5d0772ccfde5b0e13ae720d0b26b9eb9f485eedcf4f54d575941d9b8fa 10207 python-tornado_6.2.0-3+deb12u1_amd64.buildinfo
Files:
2357e5dd8756e3f826a189600db3ba93 2559 web optional python-tornado_6.2.0-3+deb12u1.dsc
ac5546f18d57171df7f711aefbd518c6 519040 web optional python-tornado_6.2.0.orig.tar.gz
2ffb6bb5f078e1ed663631a534a4d9b4 13296 web optional python-tornado_6.2.0-3+deb12u1.debian.tar.xz
a8a5dbcd20719d2779d10ec6d096aab2 10207 web optional python-tornado_6.2.0-3+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----