
Debian GNU/Linux has received two security updates: [DSA 5953-1] catdoc for Debian 12 and ELA-1473-1 python-tornado for Debian 10 ELTS.

[DSA 5953-1] catdoc security update
ELA-1473-1 python-tornado security update




[SECURITY] [DSA 5953-1] catdoc security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5953-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 29, 2025                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : catdoc
CVE ID : CVE-2024-48877 CVE-2024-52035 CVE-2024-54028
Debian Bug : 1107168

Several vulnerabilities were discovered in catdoc, a text extractor for
MS-Office files, which may result in denial of service or the execution
of arbitrary code if a specially crafted file is processed.

For the stable distribution (bookworm), these problems have been fixed
in version 1:0.95-6~deb12u1.

We recommend that you upgrade your catdoc packages.

For the detailed security status of catdoc please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/catdoc

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1473-1 python-tornado security update


Package : python-tornado
Version : 5.1.1-4+deb10u2 (buster)

Related CVEs :
CVE-2025-47287

A vulnerability was discovered in python-tornado, a scalable,
non-blocking Python web framework and asynchronous networking library.

CVE-2025-47287
When Tornado's 'multipart/form-data' parser encounters certain errors,
it logs a warning but continues trying to parse the remainder of the
data. This allows remote attackers to generate an extremely high volume
of logs, constituting a DoS attack. This DoS is compounded by the fact
that the logging subsystem is synchronous.
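
The log-and-continue behaviour described above, modelled next to a fail-fast variant. This is an example added here, not Tornado's code or the Debian patch: the parser is a simplified stand-in, and the logger name, function names, sample body and the strict mode (rejecting the whole body on the first error, which the advisory does not describe) are assumptions.

```python
import logging
log = logging.getLogger("multipart_model")  # hypothetical logger name

# Constructed sample: one valid field followed by five parts with no header block.
BOUNDARY = b"example-boundary"
GOOD = b"--" + BOUNDARY + b'\r\nContent-Disposition: form-data; name="a"\r\n\r\n1\r\n'
BAD = b"--" + BOUNDARY + b"\r\nno-header-terminator\r\n"
SAMPLE = GOOD + BAD * 5 + b"--" + BOUNDARY + b"--\r\n"

class MultipartError(ValueError):
    """Raised in strict mode instead of logging and continuing."""

def parse_multipart(boundary: bytes, body: bytes, strict: bool) -> dict:
    """Simplified model of a multipart/form-data parser, not Tornado's code."""
    def bad(msg: str) -> None:
        if strict:
            raise MultipartError(msg)  # assumed hardening: reject the whole body
        log.warning(msg)               # lenient: one log record per bad part
    delim, fields = b"--" + boundary, {}
    end = body.rfind(delim + b"--")
    if end == -1:
        bad("no final boundary")
        return fields
    for part in filter(None, body[:end].split(delim + b"\r\n")):
        head, sep, value = part.partition(b"\r\n\r\n")
        if not sep:
            bad("part missing headers")
            continue
        name = None
        for line in head.split(b"\r\n"):
            if line.lower().startswith(b"content-disposition:") and b'name="' in line:
                name = line.split(b'name="', 1)[1].split(b'"', 1)[0].decode()
        if name is None:
            bad("part missing name")
            continue
        fields[name] = value[:-2] if value.endswith(b"\r\n") else value
    return fields

def warnings_for(body: bytes, strict: bool) -> int:
    """Count the log records a single request body produces."""
    records, handler = [], logging.Handler()
    handler.emit = records.append  # collect records instead of writing them
    log.addHandler(handler)
    try:
        parse_multipart(BOUNDARY, body, strict)
    except MultipartError:
        pass  # a real request handler would answer 400 here
    finally:
        log.removeHandler(handler)
    return len(records)
```

In lenient mode the number of log records grows with the number of malformed parts in one request; in strict mode a request produces a single exception, whatever the body size.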

