
[SECURITY] [DLA 475-1] python-tornado security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : python-tornado
Version        : 2.3-2+deb7u1
CVE ID         : CVE-2014-9720

It was discovered that python-tornado, a Python web framework and
asynchronous networking library, was susceptible to the BREACH attack.
The XSRF token is now encoded with a random mask on each request, so it
can safely be included in compressed pages.

For Debian 7 "Wheezy", this problem has been fixed in version
2.3-2+deb7u1.

We recommend that you upgrade your python-tornado packages.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
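
Added example (not part of the advisory and not Tornado's own code): a sketch of per-request XSRF token masking as described above, where the same session token is emitted as different bytes in every response and unmasked before comparison. The function names, the 4-byte mask length and the hex wire format are assumptions made for this illustration.

```python
import hmac
import os
from typing import Optional

MASK_LEN = 4  # assumed mask size for this sketch


def _xor(data: bytes, mask: bytes) -> bytes:
    # XOR with the repeating mask; applying it twice restores the input.
    return bytes(b ^ mask[i % len(mask)] for i, b in enumerate(data))


def mask_token(token: bytes, mask: Optional[bytes] = None) -> str:
    """Encode the session's XSRF token for one response: hex(mask) + hex(token ^ mask).

    The mask is not a secret (it travels with the token). Its job is to make
    the bytes that land in the compressed page differ on every request, so
    response-length comparisons across requests reveal nothing stable.
    """
    if mask is None:
        mask = os.urandom(MASK_LEN)
    if len(mask) != MASK_LEN:
        raise ValueError("mask must be MASK_LEN bytes")
    return mask.hex() + _xor(token, mask).hex()


def unmask_token(encoded: str) -> Optional[bytes]:
    """Recover the raw token from a submitted value; None if malformed."""
    try:
        raw = bytes.fromhex(encoded)
    except ValueError:
        return None
    if len(raw) <= MASK_LEN:
        return None
    return _xor(raw[MASK_LEN:], raw[:MASK_LEN])


def check_xsrf(submitted: str, session_token: bytes) -> bool:
    """Validate a form/header value against the token bound to the session."""
    token = unmask_token(submitted)
    return token is not None and hmac.compare_digest(token, session_token)


if __name__ == "__main__":
    session_token = os.urandom(16)  # constructed sample token
    first, second = mask_token(session_token), mask_token(session_token)
    print(first, second, sep="\n")  # two different encodings of one token
    print(check_xsrf(first, session_token), check_xsrf(second, session_token))
```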