[DSA 5953-1] catdoc security update
ELA-1473-1 python-tornado security update
[SECURITY] [DSA 5953-1] catdoc security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5953-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 29, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : catdoc
CVE ID : CVE-2024-48877 CVE-2024-52035 CVE-2024-54028
Debian Bug : 1107168
Several vulnerabilities were discovered in catdoc, a text extractor for
MS-Office files, which may result in denial of service or the execution
of arbitrary code if a specially crafted file is processed.
For the stable distribution (bookworm), these problems have been fixed
in version 1:0.95-6~deb12u1.
We recommend that you upgrade your catdoc packages.
For the detailed security status of catdoc please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/catdoc
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
ELA-1473-1 python-tornado security update
Package : python-tornado
Version : 5.1.1-4+deb10u2 (buster)
Related CVEs :
CVE-2025-47287
A vulnerability was discovered in python-tornado, a scalable,
non-blocking Python web framework and asynchronous networking library.
CVE-2025-47287
When Tornado's 'multipart/form-data' parser encounters certain errors,
it logs a warning but continues trying to parse the remainder of the
data. This allows remote attackers to generate an extremely high volume
of logs, constituting a DoS attack. This DoS is compounded by the fact
that the logging subsystem is synchronous.ELA-1473-1 python-tornado security update