A vulnerability was discovered in python-tornado, a Python scalable, nonblocking web server.
Security Fix
The XSRF token is now encoded with a random mask on each request. This makes
it safe to include in compressed pages without being vulnerable to the BREACH
attack.
For the oldoldstable distribution (squeeze), this problem has been fixed in
version 1.0.1-1+deb6u1.
CPE | Name | Operator | Version |
---|---|---|---|
python-tornado | eq | 1.0.1-1 |