Bugs fixes in "python-tornado"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2026-35536 | In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were n | 2026-04-28 |
| CVE | CVE-2026-31958 | Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts i | 2026-04-28 |
| CVE | CVE-2026-35536 | In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were n | 2026-04-28 |
| CVE | CVE-2026-31958 | Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts i | 2026-04-28 |
| CVE | CVE-2026-35536 | In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were n | 2026-04-22 |
| CVE | CVE-2026-31958 | Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts i | 2026-04-22 |
| CVE | CVE-2026-35536 | In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were n | 2026-04-22 |
| CVE | CVE-2026-31958 | Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts i | 2026-04-22 |
| CVE | CVE-2026-35536 | In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were n | 2026-04-22 |
| CVE | CVE-2026-31958 | Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts i | 2026-04-22 |
| CVE | CVE-2026-35536 | In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were n | 2026-04-22 |
| CVE | CVE-2026-31958 | Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts i | 2026-04-22 |
| CVE | CVE-2025-67726 | Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters | 2026-01-09 |
| CVE | CVE-2025-67725 | Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can blo | 2026-01-09 |
| CVE | CVE-2025-67724 | Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in H | 2026-01-09 |
| CVE | CVE-2025-67726 | Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters | 2026-01-09 |
| CVE | CVE-2025-67725 | Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can blo | 2026-01-09 |
| CVE | CVE-2025-67724 | Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in H | 2026-01-09 |
| CVE | CVE-2025-67726 | Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters | 2026-01-09 |
| CVE | CVE-2025-67725 | Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can blo | 2026-01-09 |
About
-
Send Feedback to @ubuntu_updates
