UbuntuUpdates.org

Package "python-tornado"

Name: python-tornado

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • scalable, non-blocking web server and tools - documentation
  • scalable, non-blocking web server and tools - Python 3 package

Latest version: 6.4.1-2ubuntu0.1
Release: oracular (24.10)
Level: security
Repository: main

Links



Other versions of "python-tornado" in Oracular

Repository Area Version
base main 6.4.1-2
updates main 6.4.1-2ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 6.4.1-2ubuntu0.1 2024-12-11 15:06:50 UTC

  python-tornado (6.4.1-2ubuntu0.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Cookie header denial of service.
    - debian/patches/CVE-2024-52804.patch: Replace algorithm in _OctalPatt,
      _QuotePatt, and _nulljoin with _unquote_sub in tornado/httputil.py. Add
      tests.
    - CVE-2024-52804

 -- Hlib Korzhynskyy <email address hidden> Thu, 28 Nov 2024 16:38:20 -0330

CVE-2024-52804 Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2



About   -   Send Feedback to @ubuntu_updates