
[SECURITY] [DLA 279-1] python-tornado security update




Package        : python-tornado
Version        : 1.0.1-1+deb6u1
CVE ID         : CVE-2014-9720 

A vulnerability was discovered in python-tornado, a scalable, non-blocking
web server written in Python.

CVE-2014-9720

CSRF cookie allows side-channel attack against TLS (BREACH)

Security Fix

The XSRF token is now encoded with a random mask on each request. This makes
it safe to include in compressed pages without being vulnerable to the BREACH
attack. 
    
For the oldoldstable distribution (squeeze), this problem has been fixed in
version 1.0.1-1+deb6u1.
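
The masking described under "Security Fix", as an added sketch that is not
Tornado's or Debian's code: the token kept in the cookie stays fixed, while the
copy written into each page is XORed with a fresh random mask and sent together
with that mask. The full-length mask, the hex wire format and all function
names are assumptions of this example.

```python
import hmac
import os


def _xor(mask: bytes, data: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(m ^ d for m, d in zip(mask, data))


def encode_token(raw_token: bytes) -> str:
    """Build the per-response form of the token: hex(mask || mask XOR token).

    A new mask is drawn on every call, so the bytes that land in the
    compressed page body change on each request even though the
    underlying token does not.
    """
    mask = os.urandom(len(raw_token))  # assumption: mask as long as the token
    return (mask + _xor(mask, raw_token)).hex()


def decode_token(wire):
    """Recover the raw token from its masked form, or None if malformed."""
    try:
        blob = bytes.fromhex(wire)
    except (ValueError, TypeError):
        return None
    if not blob or len(blob) % 2:
        return None  # must split evenly into mask and masked token
    half = len(blob) // 2
    return _xor(blob[:half], blob[half:])


def check_xsrf(cookie_token: bytes, submitted) -> bool:
    """Server-side check: unmask the submitted value, compare in constant time."""
    raw = decode_token(submitted)
    return raw is not None and hmac.compare_digest(raw, cookie_token)


if __name__ == "__main__":
    token = bytes(range(16))          # constructed sample token
    first, second = encode_token(token), encode_token(token)
    print(first != second)            # two responses, two different encodings
    print(check_xsrf(token, first), check_xsrf(token, second))
```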
